Over the weekend, there have been multiple alarming cases of data breaches and massive ransomware cyber-attacks. This have impacted many countries all over the world including Singapore. Shopping malls, schools, hospitals and many organisations became a victim of WannaCrypt attacks overnight. This attack rediscovers the security loopholes that many organisations are not aware of.
NUS, NTU networks hit by 'sophisticated' cyber attacks - http://www.channelnewsasia.com/news/singapore/nus-ntu-networks-hit-by-sophisticated-cyber-attacks-8840596
Tiong Bahru Plaza's digital directory hit by global ransomware attack: Mall operator - http://www.channelnewsasia.com/news/videos/nnacry-8846570
How was it stopped? My organization survived the attack last weekend, am I considered safe from breaches?
A security researcher has accidentally activated a "Kill Switch" which apparently stopped the WannaCry ransomware from spreading further. But the threat is not over. The kill switch has just slowed down the infection rate.
“Multiple security researchers have claimed that there are more samples of WannaCry out there, with different 'kill-switch' domains and without any kill-switch function, continuing to infect unpatched computers worldwide.” WannaCry 2.0 Ransomware arrives - http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html
What should I do?
We have listed multiple solutions to tackle against malwares but none of it is fool-proof. It is certain that having a traditional anti-virus installed in your computer is no longer the ideal way to fully protect your computer.
Below are possible solutions that can consider to guard against malware.
Microsoft Office 365 Advanced Threat Protection
For current Office 365 users, you can add on Office 365 Advanced Threat Protection. With this, it protect your mailboxes against new, sophisticated attacks in real time. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
Microsoft Windows 10
Upgrade to Windows 10 to get full support from Microsoft. They are constantly monitoring and updating their security patches to ensure that customers are protected. “Customers running Windows 10 were not targeted by the attack. Those who have Windows Update enabled are protected against attacks on this vulnerability.” https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Webroot delivers next-generation endpoint security to protect businesses using a smarter approach which harnesses the power of cloud-based collective threat intelligence to stop threats in real time.
Webroot SecureAnywhere does currently protect you from WannaCry ransomware. Although this ransomware is currently causing havoc across the globe, the ransomware itself is similar to what we have seen before. https://www.webroot.com/blog/2017/05/13/wannacry-ransomware-webroot/
Ransomware is the number one malware attack affecting organizations today. It encrypts your files and holds them hostage until the ransom is paid, causing massive disruption to business productivity. Sophos Intercept X features CryptoGuard, which prevents the malicious spontaneous encryption of data by ransomware—even trusted files or processes that have been hijacked. And once ransomware gets intercepted, CryptoGuard reverts your files back to their safe states.
The IT Edition is a must have tool for you! ShadowProtect® IT Edition provides you with ability to backup any system, including the operating system, applications and data, and save it to an external storage device. It allows you to recover a single data file in seconds or restore a complete system in minutes. No installation, No rebooting – Unlimited use (during the subscription period).
Acronis True Image New Generation comes with Active Protection which is an advanced ransomware protection technology. It actively protects all of the data on your computer – documents, data of all types, and your Acronis Backup Files. Encryption is detected on protected instances and will be halted upon detection. Any data that was exposed and encrypted before the process was halted can be recovered.
Fortinet’s top-rated FortiSandbox is at the core of the Advanced Threat Protection (ATP) solution that integrates with Fortinet’s Security Fabric to address the fast moving and more targeted threats across a broad attack surface. Specifically, it delivers real-time actionable intelligence through the automation of zero-day, advanced malware detection and mitigation.
Contact InnoQ if you wish to enquire more. Stay protected today!