How do we protect our customers against WannaCry?
To cut to the chase, F-Secure's solutions block WannaCry ransomware. Our endpoint products proactively prevent all in-the-wild examples of WannaCry and F-Secure's vulnerability management product flags known vulnerabilities within the system for remediation.
We have detected the ransomware since its inception, meaning that protection was available to all F-Secure endpoint customers already before the outbreak. F‑Secure's endpoint solutions offer protection against ransomware outbreaks such as WannaCry on three layers to ensure that attacks can be stopped at multiple places along the attack chain.
Multiple layers of protection
F-Secure's integrated patch management feature prevents WannaCrypt from exploiting the EternalBlue vulnerability by automatically deploying related security patches.
F-Secure's Deepguard functionality provides host-based behavioural analysis and exploit interception that blocks WannaCrypt.
F-Secure's Firewall prevents WannaCrypt from spreading laterally in the environment and encrypting files.
F-Secure's vulnerability management solution flags the missing security patch and vulnerable port 445 for immediate action by IT administrators, giving them time to address the vulnerabilities before the outbreak.
What should you do to protect yourself?
- Ensure DeepGuard and real-time protection is turned on in all your corporate endpoints.
- Identify endpoints without the Microsoft-issued patches (4013389) with Software Updater and patch them immediately.
- Apply MS17010 to Windows Vista and later (Windows Server 2008 and later)
- Apply the patch from Friday, May 12th to Windows XP or Window Server 2003
- In case you are unable to patch your endpoint(s) immediately, we recommend you disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 in order to reduce your attack surface.
- Configure your firewall to properly block traffic.
- Block 445 inbound to all internal and internet-facing Windows systems to prevent workstations from getting infected.
- Block 455 outbound from servers to prevent the servers from spreading WannaCry within the environment.
- Alternatively, you can set F-Secure's Firewall policy to its highest setting, which has predefined rules to block the attack.
Other recent outbreaks
Petya ransomware, also known as Petrwrap, has hit organizations all over the world. And just like WannaCry, it's completely seizing systems people rely on.