How the WannaCry Ransomware Event Happened

The WannaCry ransomware attack is the biggest cyberattack yet, but only a few people are equipped to deal with it: about 75 percent of CEOs rely on applications that are not approved by their IT department.

A Senior Advanced Threat Research Analyst at Webroot has offered a few words of wisdom on the case, what we can do, and the future of cyberattacks.

How it Happened

How does Webroot detect and prevent infection by WannaCry or other Trojans?

“We have proprietary detection systems in place. In the case of WannaCry, our Webroot SecureAnywhere (WSA) detected and blocked it just like any other malware that we see. What was unique about this malware was its distribution method.”

Does this mean that no customer running Webroot has been, or indeed will be, affected by WannaCry?

“It takes time to learn about every threat and learn how to protect against it. This being said, our call volume has not been impacted at all by this threat. However, if someone has an unpatched system, there is potential for infection due to the vulnerability within the OS mentioned. We also have other tools to assist in auto-remediating malware.”

Do you have evidence that the initial infection vector was email?

“While our threat teams are still actively researching the threat, we know it is propagating by probing and exploiting vulnerable systems.”

How to Avoid Ransomware?

Webroot offered tips for avoiding ransomware attacks in the near future.

  • Back up your data by creating a physical disk backup or using a portable drive, and keep it secured and disconnected from the computer.
  • Practice good cyber hygiene: be cautious about clicking links, change your password often, keep your system up to date, and ignore emails from unknown senders.
  • Use antivirus software that can block malicious phishing sites, and avoid free security software.
  • Patch and update your device as often as possible with firmware updates that patch known vulnerabilities.

More Is Likely to Come… But Not as Bad

Here’s what Webroot says on the possibility of similar hacks that might get worse in the near future:

“Malware authors tend to follow the leader. Being that WannaCry’s infection rates were so high, I am fairly positive we will see copycat malware also using CVE-2017-0144 as a means of spreading in the near term. However, after being infected, most people tend to apply the necessary updates, in this case patching old systems, so I suspect malware using this vector will not be quite as successful. In addition, exploits as serious as this are of high value and fairly rare, so we really only see worms as prolific as this once every few years.”

We can hope that all endpoint security or threat intelligence services will continue keeping up with these cyberattacks. By keeping our security systems on par with the threats, we’ll be able to squash each exploit attempt as it occurs in real time.