Bitdefender next-generation machine-learning and memory introspection technologies ensure that enterprises worldwide have always been safe from the WannaCry ransomware mega-attack and the underlying EternalBlue zero-day exploit.
The Wanna Cryptor (WannaCry) ransomware family infected thousands of computers across the world. In just 24 hours, the number of infections has spiked to 185,000 machines in more than 100 countries.
The attack is particularly dangerous for businesses because it takes just one infected employee for the attack to spread across the entire network, and sometimes even across countries to other subsidiaries, without any user interaction. This happens because the ransomware has a worm component that leverages a recently discovered vulnerability affecting a wide range of Windows operating systems, including 2008, 2008 R2, 7, 7 SP1.
The attacks have caused major disruption to hospitals, telecom companies, and gas and utilities plants. Among the organisations that took the worst hits is the National Health Service (NHS) in the UK.
HOW WANNACRY WORKS
Traditional ransomware is still one of the most common threats for small to large businesses across the world. While it usually spreads via malicious e-mail attachments, browser or third-party exploits, the WannaCry attack automated the exploitation of a vulnerability which is present in most versions of Windows.
Why does this make it so dangerous? Simply because it allows a remote attacker to run code on the vulnerable computer and use that code to plant ransomware without any human or local action. This never-before-seen behavior makes it the perfect tool to attack specific environments or infrastructures, such as servers running a vulnerable version of the Server Message Block (SMB) protocol.
Our next-generation machine-learning and memory introspection technologies ensure that our customers have always been safe from WannaCry, the world’s most aggressive piece of ransomware, and will be similarly protected from the next such attack.
Customers using Bitdefender GravityZone and Bitdefender Hypervisor Introspection are protected from hour zero from this attack wave and are not affected by this new family of ransomware, as our products detect and intercept both the delivery mechanism and all variations of the WannaCry ransomware known to date.
Bitdefender Machine Learning models, available in all editions of Bitdefender GravityZone, are designed specifically to catch never-before-seen attacks at the pre-execution stage.
BD Software Distribution Pvt. Ltd. | Office: 162, 1st Floor, Satra Plaza, Plot No.19 & 20, Sector 19D, Vashi, Navi Mumbai – 400703 Contact: +91 8291705909 | [email protected]
For this attack wave specifically, a machine learning model at the endpoint, developed by Bitdefender labs in 2013, is able to detect and block this ransomware variant.
Moreover, Bitdefender’s revolutionary Hypervisor Introspection technology, unique on the security market, is able to protect virtual servers from the entry mechanism of these attacks (the MS17-010 exploitation technique, otherwise known as EternalBlue).
More importantly, Bitdefender Hypervisor Introspection was able to prevent exploitation of the vulnerability long before it was disclosed and patched by Microsoft.