“WannaCry is spreading throughout the world on an unprecedented scale. The official figures currently circulating indicate 250,000 infections in 150 countries worldwide. However, the estimated number of devices affected by the ransomware is far higher, as companies and authorities are looking to avoid the damage to their reputation that would occur by disclosing they have suffered a cyber attack,” says Harald Reisinger, Managing Director of RadarServices, Europe’s leading provider for IT security monitoring and IT risk detection.

The Microsoft vulnerability exploited by WannaCry has been known about since the beginning of February 2017. Since that date, RadarServices has been actively making its customers aware of the potential problem. This important vulnerability detection eliminated the risk of being affected for them.

Ad hoc service: a free information service for emergency and preventive measures for companies

Because companies are exposed to an acute risk if they are not yet using continuous IT security monitoring services, including continuous vulnerability assessments, RadarServices is providing free information with regard to both preventive and emergency measures to companies of all sectors. IT security responsibles can contact us to take advantage of the ad hoc service from the IT security experts. If one or more devices are already affected, a brief description of the specific status quo within the company would be useful as a basis for help by the experts.

RadarServices is also offering webinars run by experts specialising in ransomware to all interested parties. The next webinar takes place on Wednesday 17 May 2017 at 11 a.m. (European time). You can find all information regarding times and registration at Events.

Background information on “WannaCry”

WannaCry (also: Wcrypt, WCRY, WannaCrypt, Wana Decrypt0r 2.0) is a malware for Windows. The ransomware encrypts the user files on an infected PC and uses the SMB protocol to try to infect other PCs in the local area network and on the Internet. The initial spread is caused by infected e-mails. The malware prompts users to pay a bitcoin ransom. The global spread of WannaCry has been active especially since Friday 12 May 2017.

Preventive measures for companies

Companies can successfully avert ransomware attacks right from the start. There are three automated IT risk detection modules available:

  • “Advanced Threat Detection” (ATD): The attachments of all incoming e-mails and all web downloads, without exception, are analysed in “shielded” environments (known as sandboxes). If malware is discovered, the e-mail is halted or the web download stopped. This also successfully averts the ransomware attack right from the start.
  • “Network Behavior Analytics” (NBA): The module makes it possible to detect suspicious activities on the network. In the case of ransomware, for example, this is network traffic to the trojan command & control servers on the Internet. If ransomware is already active on the network and users have yet to notice it, NBA will make this visible.
  • “Vulnerability Management and Compliance” (VMC): This vulnerability detection continually evaluates whether IT systems are exhibiting vulnerabilities, as well as whether the precautions taken to repel the ransomware have been effectively implemented throughout the organisation. For example, constant checks are made to establish whether updates have been loaded for operating systems, browsers and other applications. The gateways for ransomware invaders are closed by continuous vulnerability analysis and consistent elimination of loopholes.