WCry Description

On 12 May 2017, an extremely virulent ransomware variant named WCry 2.0 (also called WannaCry, WanaCrypt0r, and WannaCrypt) began to infect many victims across the world. Within several hours, over 75,000 victims were reported in 90+ countries, including hospitals in the UK and other countries.

Initial analysis of the ransomware appears to show it spreading via MS17-010, a critical SMB vulnerability in the Microsoft Windows operating system that was recently disclosed as part of the Shadow Brokers dump of NSA hacking tools. It is believed, though, that the ransomware is first delivered via email.

For WatchGuard customers, both Gateway AntiVirus (signature: Ransom_r.CFY) and APT Blocker detect and block the ransomware payload. Malware authors are known to repack their variants regularly, however, and a repacked variant could evade signature-based detection like Gateway AntiVirus. APT Blocker’s sandbox-based detection will continue to detect and block future variants. Additionally, IPS can detect and block exploitation of the MS17-010 vulnerability (signatures: 1133635, 1133636, 1133637, 1133638).

IT administrators should install the latest Windows security updates to resolve the MS17-010 vulnerability.

WatchGuard Users

Many of WatchGuard’s Firebox defences can help:

  • Gateway AntiVirus (GAV) does catch many variants of this new ransomware
  • More importantly, APT Blocker’s behavioural detection can catch all seen strains of WCry. APT Blocker’s capabilities mean that it can detect and prevent new strains of any malware which may temporarily evade GAV.
  • Finally, our Intrusion Prevention Service (IPS) can catch the NSA-leaked vulnerability that this ransomworm uses to spread internally.

Importantly, users of WatchGuard APT Blocker were able to concentrate on patching, knowing that they were being protected at the gateway. Uniquely, APT Blocker uses a cloud-based isolation and inspection approach to interact with malware and see every behaviour the malware exhibits. Any malicious object used to attack a member of the APT Blocker install base is immediately known to all members, significantly improving your detection and accuracy rates.

How to Licence these Add-ons

To licence WatchGuard APT Blocker, the active licence MUST include Gateway Antivirus. The following describes the upgrade options:

Basic Support

Upgrade to either:

  • Basic Security Suite plus APT Blocker
    • Basic Security Suite includes: Gateway Antivirus and Intrusion Prevention Service, Web Blocker, and Spam Blocker
  • Total Security Suite
    • Total Security Suite includes: Basic Security Suite plus APT Blocker, Threat Detection and Response, DLP, and Dimensions Command

Basic Security Suite

Upgrade to either:

  • APT Blocker add-on only; or
  • Total Security Suite
    • Total Security Suite includes: Basic Security Suite plus APT Blocker, Threat Detection and Response, DLP, and Dimensions Command

The Claranet Cyber Security Difference

When it comes to maximising WatchGuard products and integrating robust and secure solutions, Claranet Cyber Security has the edge. Designed to meet the needs of specific sectors, types of organisations, and compliance standards, our tailored solutions are trusted by leading private and public sector organisations throughout the UK.
