Ransomware

​Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

​A Closer Look: Ransomware Statistics 2016 – 2017
  1. Ransomware emails spiked 6,000%
  2. 40% of all spam email had Ransomware
  3. 59% of infections came from email
  4. 92% of surveyed IT firms reported attacks on their clients
  5. Infections hit 56,000 in a single month
  6. Attacks expected to double in 2017
  7. Healthcare and Financial Services were the hardest hit
  8. 70% of businesses paid the ransom
  9. 20% of businesses paid more than $40,000
  10. Less than 25% of Ransomware attacks are reported
  11. Most businesses face at least 2 days of downtime
​On May 12th, 2017 the Ransomware WannaCry disrupted hundreds of organizations in dozens of countries. The Ransomware encrypts personal and critical documents and files and demands approximately $300 USD in Bitcoin currency for the victim to unlock their files. The good news is, we have several vendors that can prevent this from happening to you!
ESET clients were already protected by ESET’s network protection module. This had been blocking attempts to exploit the leaked vulnerability at the network level well before this particular malware was even created. On Friday, ESET increased the protection level for this specific threat via the Win32/Filecoder.WannaCryptor.D update to the detection engine (15404, May-12-2017, 13:20 UTC/GMT +02:00). Prior to that, ESET LiveGrid had begun protecting against this particular attack starting around 11:26AM (UTC/GMT +02:00).
Sophos Intercept X (cloud) and Anti-eXploit (on-premise) endpoints, and XG UTM IPS automatically block the attack. Details are in the link.
SonicWall customers using Gateway Anti-Virus, Intrusion Prevention service, and Capture Advanced Threat Protection been protected on their networks from WannaCry ransomware and the worm that spreads it since 17 April, 2017. Since the release of the first version of the code, SonicWALL has identified several new variants and have released additional counter measures.​
The Check Point SandBlast Agent teamed with SandBlast for Firewall an amazing multilayered way to protect your network. SandBlast Agent defends endpoints with a complete set of real-time advanced protection technologies, including Threat Emulation, Threat Extraction, Anti-Ransomware, Anti-Bot, Zero Phishing and Automated Incident Analysis.
Fortinet solutions successfully block this attack.
  1. FortiGate IPS plugs the exploit
  2. FortiSandbox detects the malicious behavior
  3. Our AV engine detects the malware along with variants
  4. Our Web filter identifies targeted sites and appropriately blocks or allows them
  5. The FortiGate ISFW stops the spread of the malware
Tenable has several ways to help you know where your business is exposed so you can make informed decisions about what to do first to detect WannaCry and protect your business.