On Friday, May 12th, 2017, the world was hit by a fast-moving Cryptoware infection, WanaCrypt0r. Over 81,000 infections were reported globally within 12 hours.
The attack forced 16 hospitals in the United Kingdom to shut down operations and stop admission of new patients. Telefonica, Spain’s largest telecom company, was hit and reported that the company would have to pay approximately $550,000 to unlock all encrypted files on their network. Banks, universities, utilities, telecoms, healthcare, and other industries all reported similar experiences worldwide.
Ransomware is a computer virus that encrypts files on computers. After a successful ransomware attack, criminals demand payment be made via Bitcoin, or other untraceable currency, before they will provide the decryption key necessary to unlock the files. Ransomware is distributed through phishing emails where an unsuspecting computer user clicks a link in what appears to be a legitimate email from a trusted source. When the link is clicked, the Ransomware is instantly installed on the user’s computer.
Once installed on the computer, this variant of WanaCrypt0r, WanaCry, spreads throughout the organization’s network by exploiting a known vulnerability in the Microsoft Windows operating system, infecting all computers on the network. Although Microsoft released a patch that resolved this vulnerability on March 14, 2017, computers that did not have the patch installed were still vulnerable to the malicious code.
A layered approach to IT security, included in our Complete IT managed IT program, kept Prosource customers protected and immune from WanaCrypt. At Prosource, we use a collection of tools to deliver the following five layers of protection:
Email Filtering: Our email filtering service scans incoming emails and prevents most phishing emails from ever hitting user mailboxes. This protects clients from the delivery mechanism for the WanaCry virus.
Web Filtering: If a phishing email gets past the email filter, our web filtering will block access to internet sites that are known to distribute malicious code. This blocks another entry point for the virus.
EndPoint Protection: Unlike most definition based antivirus products, which can only protect you from previously known viruses, our endpoint protection looks at the behavior of code and can block most Cryptoware
variants, including WanaCry.
Patch Management: WanaCry can only spread to unpatched computers. Prosource’s patch management system ensures that all your computers are always up to date with the latest security patches.
Backup & Disaster Recovery: Prosource’s backup and disaster recovery system creates hourly snapshots of your servers and data. In the unlikely event that Ransomware gets through our layered security, we can restore encrypted files within minutes without paying criminals.
For more information about how you can protect your business from ransomware, call our technology experts at 888.698.0763 or fill out the form here.