WannaCry
ransomware

Also known as WanaCrypt, WannaCrypt, or Wcry, WannaCry exploded across 60+ countries,
infecting hospitals, businesses, metro stations, universities, operators, and more.

How do we protect our customers against WannaCry?

To cut to the chase, F-Secure's solutions block WannaCry ransomware. Our endpoint products proactively prevent all in-the-wild examples of WannaCry and F-Secure's vulnerability management product flags known vulnerabilities within the system for remediation.

We have detected the ransomware since its inception, meaning that protection was available to all F-Secure endpoint customers already before the outbreak. F‑Secure's endpoint solutions offer protection against ransomware outbreaks such as WannaCry on three layers to ensure that attacks can be stopped at multiple places along the attack chain.

F-Secure endpoint protection identifying WannaCrypt ransomware

Multiple layers of protection

Software Updater

F-Secure's integrated patch management feature prevents WannaCrypt from exploiting the EternalBlue vulnerability by automatically deploying related security patches.

Learn more

F-Secure Deepguard

F-Secure's Deepguard functionality provides host-based behavioural analysis and exploit interception that blocks WannaCrypt.

Learn more

F-Secure's Firewall

F-Secure's Firewall prevents WannaCrypt from spreading laterally in the environment and encrypting files.

F-Secure Radar

F-Secure's vulnerability management solution flags the missing security patch and vulnerable port 445 for immediate action by IT administrators, giving them time to address the vulnerabilities before the outbreak.

Learn more

Want to secure your business today?

Get in touch to learn more about how F-Secure protects you.

We don't wanna cry
Mikko Hypponen talks about the WannaCry ransomware outbreak at F‑Secure's annual SPECIES event for operator partners.

What should you do to protect yourself?

  1. Ensure DeepGuard and real-time protection is turned on in all your corporate endpoints.
  2. Identify endpoints without the Microsoft-issued patches (4013389) with Software Updater and patch them immediately.
    • Apply MS17010 to Windows Vista and later (Windows Server 2008 and later)
    • Apply the patch from Friday, May 12th to Windows XP or Window Server 2003
    • In case you are unable to patch your endpoint(s) immediately, we recommend you disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 in order to reduce your attack surface.
  3. Configure your firewall to properly block traffic.
    • Block 445 inbound to all internal and internet-facing Windows systems to prevent workstations from getting infected.
    • Block 455 outbound from servers to prevent the servers from spreading WannaCry within the environment.
    • Alternatively, you can set F-Secure's Firewall policy to its highest setting, which has predefined rules to block the attack.

Interested in securing your organization against ransomware and other vulnerabilities?

Get in touch to learn more about our offering. Protect yourself before it's too late.

Other recent outbreaks

Petya Outbreak

Petya ransomware, also known as Petrwrap, has hit organizations all over the world. And just like WannaCry, it's completely seizing systems people rely on.

Read more