Over the weekend public and private organisations across the globe were targeted by sophisticated ransomware. The National Health Services in the UK, the German national rail network and companies like Fed Ex were just some of the major victims.
The full scale and impact of the attack in Australia is yet to be understood.
What is Ransomware?
Ransomware is a popular method of attack used by cyber criminals whereby malicious links are spread in email attachments or PDFs. As employees interact with the attachment the ransomware spreads throughout the organisations network. In this instance a hacker group called the ‘Shadow Brokers’ have deployed a piece of ransomware called WanaCrypt. WanaCrypt has been the largest and most destructive ransomware attack in internet history.
WanaCrypt is a malicious software that blocks access to data by encrypting files on computers and servers until a ransom is paid.
Infected businesses are subjected to a loss of revenue, data breach legislation, long periods of disruption and limited capacity to operate business as usual. However, the consequences of such attacks can be far worse than the disruption of business and loss of revenue. These attacks can seriously damage our public services and infrastructure. WanaCrypt has resulted in NHS staff using notepads and pens to keep the lights on, however without access to operational systems and data, public safety is at risk.
Palo Alto ahead of the game
Good news for our Palo Alto customers!
The Palo Alto Next Generation Security Platform already created, delivered and enforced protections from the WanaCrypt attack. Palo Alto’s prevention based approach has successfully and automatically stopped the threat across the attack life-cycle.
Palo Alto Networks customers are protected through prevention controls across the Next Generation Security platform such as:
- Threat Prevention – enforces IPS signatures for the vulnerability exploit (CVE- 2017-0144 – MS17-010) used in this attack: SMB vulnerability – ETERNALBLUE.
- URL Filtering – monitors malicious URLs used and will enforce protections if needed.
- GlobalProtect – extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations.
For enhanced protection Palo Alto recommend adding:
- WildFire – classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
- Traps – prevents the execution of the WanaCrypt malware on endpoints.
Palo Alto customers
Ask your Account Manager if your instance of Palo Alto includes the WildFire module.
Enablis strongly recommends upgrading to include WildFire.
WildFire goes beyond legacy approaches, used to detect unknown threats, bringing together four independent techniques for the analysis and prevention of unclassified malware. In this instance of WanaCrypt, WildFire had successfully identified the ransomware as a potential threat and blocked it from reaching Palo Alto users.
At a minimum Enablis strongly recommend checking that all windows machines including; PCs, laptops, servers and remote users in your environment have been updated.
Ensure that you install Microsoft Security Bulletin MS17-010 on all devices in your estate and further to this please review your Windows patching policy as we expect similar incidents in the future.
The IT security landscape is constantly evolving if you have any concerns about the vulnerability of your networks and systems please contact us on – 02 8272 4000, Sydney or 03 8199 4100, Melbourne.
At Enablis we create bespoke, best of breed, security solutions tailored to your organisation all wrapped up as a friendly managed service so you can sleep at night.
Jon Evans, CEO