ALERT - WANNACRY SOLUTIONS
Need more information or more help? Fill out the form below and we will get back to you.
The WannaCry ransom malware continues to wreak havoc globally. While it is unique in its scale, it is still typical of most ransomware and subject to the same mitigations.
A popular vector for ransomware attacks is malicious email campaigns, so the most important mitigation is prevention. Be paranoid! If an email appears suspicious in any way, upload either the entire email or just the attachment to VirusTotal. VirusTotal is a free scanning service that will compare files and URLs against all major anti-virus vendors.
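One way to triage a suspicious email before uploading anything, shown as an added example that is not part of the original alert: extract each attachment from the saved message, compute its SHA-256, and look the hash up on VirusTotal to see whether the file is already known. The sample message, its addresses and the function name are constructed for illustration.

```python
import email
import hashlib
from email import policy

# Constructed sample message (not a real campaign email); the attachment
# body is the harmless string "hello", base64-encoded.
SAMPLE_EML = (
    b"From: billing@example.com\r\n"
    b"To: user@example.org\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Please see the attached invoice.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.js"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"aGVsbG8=\r\n"
    b"--b1--\r\n"
)

def attachment_hashes(raw_eml: bytes):
    """Return filename, size, SHA-256 and a VirusTotal lookup URL per attachment."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container part, holds no file content itself
        # Treat a part as a file if it is marked as an attachment or carries
        # a filename (covers files sent with an inline disposition).
        if not (part.is_attachment() or part.get_filename()):
            continue
        data = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
        digest = hashlib.sha256(data).hexdigest()
        results.append({
            "filename": part.get_filename() or "(unnamed)",
            "size": len(data),
            "sha256": digest,
            "vt_url": "https://www.virustotal.com/gui/file/" + digest,
        })
    return results

if __name__ == "__main__":
    for item in attachment_hashes(SAMPLE_EML):
        print(item["filename"], item["size"], item["sha256"], item["vt_url"])
```

A hash that VirusTotal has never seen returns no result, which is not a clean verdict; in that case upload the file itself as described above.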
Ransomware works by encrypting your files and then charging you money for the decryption key. That said, if you maintain an offline backup of your important files, you can save yourself some money by restoring the lost files. Next, you need to re-image or reinstall your operating system to ensure removal of the malware.
This should go without saying, but make sure your systems are up to date on security patches. Malware often exploits old vulnerabilities, and staying current on updates could easily have prevented the infection.
If you were unsuccessful in preventing malware installation and your files are NOT backed up, the first step should be to remove your computer from the network immediately to prevent possible malware propagation. From here you have one of two options: pay the ransom or decrypt the files yourself. The latter option assumes there is an available decryptor for the particular malware variant. Ransomware decryptors can be found with a Google search.
If you decide to pay the ransom, the quicker the better, as the ransom often increases as time goes by. The ransomware's instructions often explain in detail how to pay.
The only silver lining is that if you decide to pay the ransom, chances are you will receive the key to decrypt your files. The ransomware industry relies on ransom payments, so its operators have a vested interest in following through on their part of the deal.
Link to Microsoft's Security Update for Microsoft Windows SMB Server
The following link lists mitigations (SNORT and YARA rules) and indicators for the current WannaCry malware campaign.
Introducing the Wapack Labs Cyber Threat Analysis Center (CTAC 1.0)
Information security professionals are swamped with data. CTAC helps you make sense of that data and produce real intelligence quickly and conveniently.
- Monitor threats against your networks and your supply chain in a single console.
- Compare malicious activity directed at you against what is happening with your peers, across your industry, or across all industries.
- Compare what is happening to you today against five years of historical data.
- Analyze malware and other technical intelligence without needing staff with advanced technical skills.
- Create your own dashboards; every output can be as individualized as you need it to be.
Keeping your business secure is more than a firewall, more than a data feed, more than a box. Wapack Labs has been showing companies how to stay safe for years.
By going deep into the internet underground, we observe cyber activity and trace it back to sources.
The human approach “fuses” our proprietary information using deep analysis techniques and visualization to help get you to “left of kill chain”, better risk management information and clear situational awareness.
Our “alerting” process mitigates risk by providing longer lead time for network protection through target reports and victim notifications.
SOLUTIONS TO FIT YOUR NEEDS
CYBER THREAT INDEX®
Track real time threats to your company, your suppliers, or your investment portfolio.
Targeteer is a legal, active, intelligence-driven process of identifying, disrupting, or degrading an attacker’s ability to carry out attacks on our customers and their targets.
A private social environment for exchanging cyber security information, advice and defensive strategies.
& Endpoint Detection
Wapack Labs partners with best in breed managed security service providers, endpoint monitoring companies and professional service providers to provide 24x7 monitoring with incident response.
A cyber threat intelligence API developed by Wapack Labs. Indicators are analyzed and ranked by confidence from 0% to 90%.
Threat Intelligence University
Train up to 20 employees in a two-day, onsite classroom session, plus one online advanced analytics session, and weekly online refresher sessions for 90 days. Wapack Labs general intelligence subscription.