May 24, 2017

Protect your connected devices against ransomware!

Nearly one week on from the recent ransomware cyber-attacks we found that it had affected 20% of all UK Health Service Trusts; and whilst IT staff are working around the clock to minimise the damage caused and to patch the vulnerabilities to get services back up, questions are being raised – who is to blame?
WannaCry has now been found in many other countries and in many other environments where the vulnerability can be exploited. It is not just limited to the local network but across wider area networks – very worrying for unpatched legacy connected devices.

As an OEM building appliances to perform dedicated important tasks for your customers, can you be sure that your device is not vulnerable to a cyber-attack?
Legacy platforms will need to be protected from further attacks. The good news is that we have a solution to protect your connected devices now and into the future.

End Point Security

Guard your systems by only allowing defined whitelisted items to execute: Use an “application control” method that offers centrally administered whitelisting to block unauthorised executables on servers, corporate desktops, and fixed-function devices, thus dramatically reducing the attack surface for most ransomware.
McAfee’s Application Control software provides complete protection from unwanted applications and code from running — For an OEM you can fit the solution and forget it knowing that your solution us capable of blocking zero-day attacks, advanced threats, and targeted attacks without requiring virus definition updates. Application Control is compatible with all affected Windows environments as well as most Linux devices too.

Important to remember

As part of this attack execution, there is:

  1. A malicious “unknown application” (malware) running
  2. A “known good” application/binary, compromised and performing malicious functions as this virus uses an exploit of a Microsoft vulnerability.

The important thing to remember is that Application Control stops the initial “unknown” executable from running but also provides protection for the MS17-010 vulnerability that WannaCry uses. So if you're using App Control, you have existing protection without the need to patch your OS or update signatures.

Read more on this topic

Threat Advisory from McAfee Labs which includes a detailed breakdown of the malware, how it behaves and how to detect it: click here

KnowledgeBase article with more information on protecting against WannaCry: click here