On reading a recent article, I was reminded that, like other malware, wannacry is still out in the wild. It still accounts for 29% users targeted by ransomware even if the overall numbers are down year on year. What is surprising is the fact that even being high profile, so many systems are being infected still.
Wannacry spreads like a worm, moving from host to host across the network looking for vulnerable systems. While Microsoft has patched the SMB exploit used by wannacry, not every system has been patched which maybe explains the persistent infections.
So how can you find whether you’re vulnerable and even spot viruses like wannacry as they try to spread across your network? There are three simple actions to take:
Firstly, maintain a detailed, up-to-date inventory of all your systems. In large networks asset management systems rely on scheduled scanning to discover and classify systems. Even if done frequently, it may still miss laptops and other mobile systems that frequently connect and disconnect from networks. These systes could therefore be potentilly un-patched.
Secondly, run some simple vulnerability checks on the operating system and install up-to-date antivirus pattern files. While this advice is available anywhere, the trick is knowing that you are covered and can verify it.
Thirdly, deploy network telemetry. This way you can see which systems may already be infected, but may not yet have the encryption payload activated. You can then either manually or, with the right systems, automatically remove the infected systems from the network to prevent further infections.
Rebasoft can assist with all these elements, not just protecting you from wannacry, but helping overall with continuous, automated risk assessment.