
WannaCry - Stopped with Check Point SandBlast Agent

On May 12, 2017, the Check Point Incident Response Team started tracking a widespread outbreak of the WannaCryptor ransomware. We have reports that multiple global organizations are experiencing a large-scale ransomware attack that uses SMB to propagate within their networks. The infection vector can present itself in multiple ways, such as a link within an email, a link within a PDF, or a password-encrypted ZIP file containing a PDF that starts the infection chain.

Check Point offers the following protections for WannaCryptor:

  • Network Protections (SandBlast)
    • Threat Extraction and Threat Emulation
    • Anti-Bot/Anti-Virus
  • Endpoint Protections (SandBlast Agent)
    • Threat Extraction and Threat Emulation
    • Anti-Bot/Anti-Virus
    • Anti-Ransomware

General Protections

  • Windows machines should be patched for vulnerabilities discussed in Microsoft Security Bulletin MS17-010 – Critical Security Update for Microsoft Windows SMB Server (4013389)  https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  • Ensure a backup is available that is not shared on the network
  • Block encrypted, password-protected attachments at email gateways

The Check Point Incident Response Team is monitoring the situation closely and is available to assist customers.

The following sections provide detail that Check Point customers can use to understand how the company’s solutions can be leveraged to analyze, report and prevent the elements of the attack. To learn more about ransomware in general, click here.

The video shows Check Point blocking and restoring a system infected with the ransomware.
