WannaCry/Wncry Attack, Lionic Security Solution Come in Handy!

May 17th, 2017 Posted by Uncategorized 0 thoughts on “WannaCry/Wncry Attack, Lionic Security Solution Come in Handy!”

What is WannaCry/Wcry?

How WannaCry works on Friday, May 12, a massive ransomware attack called “WannaCry” hit a broad set of organizations in Europe.

The Shadow Brokers leaked a bunch of NSA hacking tools onto the Internet. One of these tools is called EternalBlue, which is a perfect exploit for creating a Windows worm – software that attacks a Microsoft windows vulnerability and then installs on the next dispersed windows system as it traverses the Internet.

WannaCry is the first piece of ransomware ever to propagate using this kind of worm technology.

 

 

How WannaCry works?

The WannaCry virus is known as a worm. A worm equipped with the right exploits can infect other computers on the same LAN. The malware just uses operating system’s network communication capabilities to send certain message to “all computers on the same network”.

Due to some unexpected properties, the message confuses communication-handling system to mistake incoming data for executable code. And the executable code loads malware to that machine instead of its user manually clicking a normal executable file.

What is the difference between WannaCry and traditional ransomware?

A system can be infected with WannaCry without the user doing anything is the biggest difference between WannaCry and traditional ransomware. Additionally, not only PC can be infected from WannaCry but also non-PC devices (ex. ATM and other Embedded Windows based devices).

How do I protect my files from WannaCry?

  • Use Lionic Security Solution
    • Protected from the initial malware by Lionic Security Solutions.
  • Patch Windows Machines
    • Ensure that the MS17-010 security update is installed on all Windows machines within an organization.
    • Open the Control Panel (you’ll find a link in the Start menu) and search for Windows Update. There should be a button ‘Check for updates’ which you can click to force Windows to search and install critical updates.
  • Disable SMBv1
  • Block Unnecessary Ports
    • Block port 135、port139 and port 445 by end-point firewall
  • Don’t Open Suspicious Email or Attachments
    • Be suspicious of emails from unknown senders containing Office documents, PDFs and Java Scripts, or any other suspicious attachments.
  • Have a Backup Strategy
    • Take an offline backup by USB drive or external hard drive. (NAS is a kind of online backup solution, not an offline solution)

What Lionic Security Solution can do?

WannaCry virus can infect other computers on the same LAN without user doing action. Generally, ransomware could go through the Internet to attack your PC and encrypt your files or through the USB device to infect your PC & non- PC devices (ex, Embedded Windows based ATM…).

The first infecting pathway of WannaCry

 

The second infecting pathway of WannaCry

 

With Lionic Security Solution, ransomware cannot go through the Internet to attack your PC or non-PC devices (ex, Embedded Windows based ATM…). The gateway devices with Lionic security function are protected right now.

Lionic Security Solution blocked the malware at the first line

 

 

Lionic Security Solution blocked the malware at the first line

About Lionic

Lionic is the leading company of Networking Security Solution on network gateway. Lionic was founded in Nov. of 2003, and is now located in science-based industrial park in Hsinchu, Taiwan.

The core technology of Lionic is DPI(Deep Packets Inspection). With Lionic’s DPI engine, the network gateway can scan all the packets deeply into L7-application level payload to detect the threats likes viruses, malicious websites, hacker’s intrusion, and identify applications and devices information.

Posted on 2017/5/17 By Lionic Mkt Dept.

Our Company
Lionic - The leading network security solution provider
鴻璟科技 - 網路安全方案的領導廠商