The WannaCry ransomware has been at the top of the news cycle for the past few days as organizations in the UK, Spain, the US and Asia have been targeted. In the initial hours of the global attack, 61 UK National Health Service organizations were affected.
Ransomware infects computer systems and makes file systems inaccessible to users. To restore access to these files, users must pay a fee. For critical systems, such as those in healthcare that store patient information, this denial of information can easily impede health services. Ransomware has existed for several years, with most of the initial infections occurring via email attachments or links contained in email.
Given the prevalence of this attack in the news, Eastwind Networks is providing an overview of the capabilities we have in place to protect your information and what we have done to date.
First, our detection and protection of the related ransomware includes the following three areas:
Network Intrusion Detection System (NIDS) alerts
Our Breach Analytics Cloud sends NIDS alerts covering the vulnerabilities and TOR traffic to notify and protect our customers.
Our Threat Intelligence
Our cyber threat intelligence includes numerous indicators related to this activity, by IP address, host name, and file hash. Any matches will result in IP Blacklist alerts or category malware alerts.
If you are a customer of our DNS service, we are blocking the related malicious domains while allowing the killswitch domain that shuts down the initial variant of the malware.
Second, the Eastwind Networks Labs team took the proactive step of reviewing client activity for the past 30 days and will continue to remain vigilant for evidence of the WannaCry activity.
Finally, we want to ensure our clients are aware that Microsoft released patches and guidance for the vulnerabilities in question back in March of 2017. More information about Microsoft’s responses, support and patches is available here.
To learn how Eastwind can provide these capabilities to protect your information, on and off premises, get started here.