#DontNeedtoCry – On May 12th, the WannaCryptor (WannaCry) ransomware family infected thousands of computers across the world. In just 24 hours, the number of infections has spiked to 185,000 machines in more than 100 countries.
The attack is particularly dangerous for businesses because a single infected employee machine is enough for the attack to spread across the entire network, and sometimes even across countries to other subsidiaries, without any user interaction. This happens because the ransomware has a worm component that leverages a recently discovered vulnerability affecting a wide range of Windows operating systems, including 2008, 2008 R2, 7 and 7 SP1.
The attacks have caused major disruption to hospitals, telecom companies, and gas and utilities plants. Among the organizations that took the worst hits is the National Health Service (NHS) in the UK.
Why is this attack particularly dangerous compared with traditional ransomware attacks?
WannaCry automated the exploitation of a vulnerability that is present in most versions of Windows, allowing a remote attacker to run code on the vulnerable computer and use that code to plant ransomware without any human or local action. This never-before-seen behavior makes it the perfect tool to attack specific environments or infrastructures, such as servers running a vulnerable version of the Server Message Block (SMB) protocol.
Customers running Bitdefender are not affected by this attack wave.
Our next-generation machine-learning and memory introspection technologies ensure that our customers have always been safe from WannaCry, the world’s most aggressive piece of ransomware, AND will be similarly protected from the next such attack.
Endpoints running Bitdefender GravityZone are protected from hour zero against this attack wave and are not affected by this new family of ransomware, as our products detect and intercept both the delivery mechanism and all variations of the WannaCry ransomware known to date. Bitdefender Machine Learning models, available in all editions of Bitdefender GravityZone, are designed specifically to catch never-before-seen attacks at the pre-execution stage.
Moreover, Bitdefender’s newly introduced Hypervisor Introspection solution was able to prevent exploits of the EternalBlue vulnerability from hour zero as well, before it was patched by Microsoft. The solution is capable of detecting memory violations in the raw memory stack, without knowing the vulnerability beforehand, and can therefore effectively prevent the attack.