Security firm Sophos has issued a detection update for its customers following the WannaCry ransomware attack on Friday last week. The malware is reported to have effectively disabled over 200,000 computers running the Windows operating system in over 150 countries.
According to SophosLabs, WannaCry mimics an old-school computer insecurity technique where viruses swept files through the internet. It adds that the attack was the first recent example of a commercial malware attack that hit thousands of computers using ransomware techniques.
WannaCrytor (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r and Wana DeCrypt0r) encrypted files and changed their extensions to .wnry, .wcry, .wncry and .wncrypt. The ransomware then presented a window to the user with a ransom demand.
The ransomware, which demanded USD 3,000 in bitcoin and threatened affected users with the loss of their files if they did not pay, took advantage of an exploit allegedly leaked from the US National Security Agency (NSA) and used a variant of the ShadowBrokers APT EternalBlue exploit.
Sophos says customers using Sophos Intercept X or Sophos Exploit Prevention (EXP) were protected proactively against the ransomware behavior from the first instance. Those using the IPS rules in the company’s XG firewall would have been protected from the exploit spreading the infection from outside their firewall.
The company has since added identities and generic rules to its Sophos Endpoint Protection to block all known and potential future variants of the malware. Windows customers are advised to deploy the Microsoft patch that mitigates the underlying vulnerability in the Windows operating system.
“It is imperative that businesses everywhere update their operating systems, their security software and educate their users against phishing attacks. This is a best practice to reduce the risk from any attack in case of any other variants that might come up”, Harish Chib, Vice President, MEA, Sophos said.
WannaCry is the most high-profile example of a type of attack that security analysts had predicted would surge in 2017 after a substantial uptick in such attacks in 2016. Locally, ICT Cabinet Secretary Joe Mucheru said the government was keenly following the encryption malware. He went further to reassure the public that government computer systems and networks were not affected by the attack.
Investigations into the WannaCry ransomware attack are ongoing, with the latest reports indicating that the ransomware has lines of code that are identical to work by Lazarus, a hacker group that has been linked to North Korea. This has raised suspicions that the nation could be responsible for the attack.