“Wanna Cry” Ransomware Outbreak

Polar Systems | Polar Systems Blog

Last week some scary ransomware started infecting hundreds of thousands of computers around the world. We’d like to use this as a time to remind you to never open attachments or follow links from unknown or untrusted sources. Tricking users into following a malicious link is still the number one method for getting ransomware and other malicious software installed on workstations, and now is a time to be even more vigilant.
Below we will try to answer some of the most common questions we’ve received from customers about this threat so far:

What is this new threat everyone is talking about?
People are referring to it by a few names, including “Wanna Cry” and “Wanna Crypt”. It is a piece of malicious software, referred to as ransomware, that encrypts users’ files and then displays a message informing them that they must pay money to an anonymous account if they want the software to decrypt their data. This is not a new type of threat; forms of this have been around for several years. This specific version uses several methods to find its way onto target machines. Most notably, it has a “worm” component that allows it to infect systems without tricking end users into clicking on anything first. This is what is making it particularly scary in the news.

What are some ways we are protecting our customers?

1.  Patch Management
The vulnerability used by Wanna Cry to allow it to infect an endpoint, without having to trick a user into performing an action, was addressed in patches released by Microsoft in March.  Polar Systems approved these patches and they were deployed to workstations and servers.

2.  Sensible firewall rules
The above-mentioned vulnerability and patch are for a very specific form of Windows file sharing that no Polar Systems customer has exposed to the Internet from their office locations. It is impossible for Wanna Cry to use this method to reach out across the Internet to your office and infect your systems.

3.  Mail Filtering
Another method for Wanna Cry to infect a workstation is to trick a user into downloading it.  Customers that use our mail filtering solution are protected through malicious URL filtering, impersonation protection, and anti-spoofing policies.  Our mail filtering will block attachments that contain executable code before they even reach your mail server, and it will warn you if you attempt to follow a link in an email to a site that is known to distribute malicious software.

4.  Anti-Virus software
Customers that use our antivirus software can be assured that it has been keeping us up to date with direct protection against this exact threat around the clock since its first discovery. The software’s vendor has been testing its agents against every variant of the “Wanna Cry” software found and releasing real-time updates as needed to maintain protection.

Polar Systems believes strongly in using a multi-layered approach to protecting you against this and other threats, because the real world isn’t a laboratory. Things fail, and when they do, we’ve engineered as much redundancy as possible into keeping you safe as you go about your daily tasks. While we work tirelessly to protect our customers from these threats, it is imperative for all of us to exercise appropriate caution when interacting with the wild west that is the Internet, and for each of us to do our part to avoid accidental clicks or mistakenly followed links.

Didn’t somebody find a “kill switch” for this already?
A very noteworthy bit of news is that a “kill switch” has been discovered for “Wanna Cry” and the global replication of the software has been dramatically slowed. This does not mean the threat is completely gone, and it does not mean a new one won’t be in the news tomorrow, but it is a welcome bit of positive news.

If you have any questions or need more information around protecting your business from these types of threats, please give us a call at 503-775-4410 or email sales@polarsystems.com