Protecting Your Organization from the WCry Ransomware

WannaCryptOr Ransomware

WannaCryptOr or "WannaCry" is a new family of ransomware (a cybersecurity threat class that locks computer files and systems unless a payment is made). This threat class is estimated to have cost organizations $1 billion in ransoms, as attack volume increased 100x from three years ago. This particular family has quickly become major news around the world as its impacts have gone well beyond the financial sector. In arguably the most serious instance, WannaCry impacted multiple sites of the UK National Health System; in certain cases, this resulted in facilities urging patients to come in only for life-threatening emergencies.

A few aspects make this version of ransomware particularly dangerous (more details here):

  • It exploits a Microsoft Windows vulnerability that was only recently released to the public and that applies to multiple OS versions, including “out-of-support” Windows XP-based systems that did not originally get a patch from Microsoft
  • After infection, it not only encrypts the individual system but aggressively looks for other systems it can reach and compromise
  • The malicious code is modular in nature, making it especially easy for the attacker to quickly change and avoid reactive identification

Fortunately, there are several preventive measures that organizations can take to limit the impact of ransomware such as this:

  1. Timely Vulnerability Management to prevent the unauthorized installation of malicious code
  2. Effective Threat Protection Systems to stop unauthorized malicious code reaching the vulnerable system
  3. Advanced Threat Detection Mechanisms to detect zero-day attacks
  4. Granular Network Segmentation to contain initial compromise
  5. Routine Backup to recover data without paying ransom

Security Recommendations

The above security best practices are possible with the Fortinet Security Fabric. For WannaCry ransomware, the following Security Fabric elements have capabilities to detect, prevent, and mitigate the threat:

  • Secure Email Gateway (FortiMail) – Malware and URL Scan
  • Next Generation Firewall (FortiGate) – IPS, Application Control, Malware Scan, IP Botnet, Segmentation
  • Endpoint Protection (FortiClient) – Vulnerability and Malware Scan
  • Advanced Threat Protection (FortiSandbox) – Behavioral Analysis
  • Analytics & SIEM (FortiAnalyzer/FortiSIEM) – Event Correlation


For more information about ransomware, please visit our Ransomware Solution Page.   

For more information about Fortinet solutions to help stop ransomware, please visit our Enterprise Solutions Page.

WannaCry (MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution) and Other Attacks Tracked Live on the Fortinet Threat Map
