WanaCrypt ransomware update from Palo Alto Networks

Given the extensive impact to organizations around the globe with the recent WanaCrypt0r ransomware attacks, we wanted to share some steps that you can take to protect your organization against WanaCrypt0r ransomware and defend your systems against future attacks.

Below are details on protections against WanaCrypt0r and how Palo Alto Networks’ Traps Endpoint solution can help protect your organization against this global ransomware campaign as part of our Next-Generation Security Platform.

Update your Microsoft Windows software

First, we strongly recommend that you install the most recent Microsoft Windows SMB security update MS17-010 as soon as possible if you haven’t done so already. If your organization is running on Windows software that is no longer supported, Microsoft has taken the step of providing patches for these versions, including Windows XP. We strongly urge making deployment of this security update a priority (link to Microsoft guidance here).

Traps Protections Against WanaCrypt0r

With Palo Alto Networks’ Traps multi-method prevention approach, WanaCrypt0r is prevented at several points in the early stages of an attack. In cases where the initial malware is successfully delivered to the endpoint, Traps automatically blocks the execution of the WanaCrypt0r malware at multiple points via the following actions:

• Cross referencing the WildFire Threat Intelligence Cloud for known malicious samples of WanaCrypt0r (enabled by default)
• Examining hundreds of characteristics of the file with local analysis via machine learning (enabled by default)
• Submitting the unknown executable to WildFire for full inspection and analysis (automated, no action needed)
• Configuring Execution restrictions so that known locations and executables associated with WanaCrypt0r are blocked (needs to be configured)

In addition to the above prevention methods, Child Process Protection offered in Traps v4.0 prevents several techniques used by WanaCrypt0r to propagate across a victim’s network.

For this reason, we recommend that customers update to the latest version of Traps.

For more details on the protections that Traps provides against WanaCrypt0r, please see our blog post here.

Additional Resources on Ransomware Prevention

For additional information about WanaCrypt0r ransomware and the prevention controls offered across our Next-Generation Security Platform, please read our blog, which we are updating as more information becomes available about these attacks.

Also note that our AutoFocus solution is actively tracking WanaCrypt0r samples and IOCs. To learn more about preventing ransomware, please visit the following articles:

• Live Community – Best Practices for Ransomware Prevention
• Ransomware Prevention: What Your Security Architecture Must Do 
• What is Ransomware?