Stop Ransomware Now!

Over the weekend of 12 May 2017, banks, utilities, telecoms, healthcare and other industries worldwide have reported incidents of infection of global ransomware - dubbed WannaCry. This is an active incident that is still underway. The ransomware has also been observed hitting and impacting more than 200,000 systems in 150 countries.

The ransomware attack was orchestrated using a malware called Wanna Decryptor, also known as WannaCry. This ransomware variant appears to be taking advantage of a known and patched windows vulnerability, encrypting important data and demanding each user affected pay in cryptocurrency (Bitcoin) to have files decrypted.

The effectiveness of this attack is particularly powerful because WannaCry is not just a ransomware program, it's also a worm and can move around the network to other connected Windows machines by itself. This means that it gets into your computer and looks for other computers to try and spread itself as far and wide as possible.

Take immediate steps to apply the MS17-010 Microsoft patch.

As terrifying as the unprecedented global ransomware attack was, the full extent of the attack could pivot to another variant especially if organisations don't take additional steps to protect themselves.

Other precaution includes being suspicious of uninvited documents send through email and not clicking on links inside these documents unless you have verified the source. Further, always make backup of your important files and documents for restoration if required.

For ransomware, StarHub’s Managed Endpoint Detection and Response (EDR) Solution, powered by enSilo's technology, can help to protect against WannaCry, EternalBlue exploit and advanced ransomware out-of-the-box through our in-depth inspection of operating system instructions.

EDR is a category of tools and solutions that focuses on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints. This solution can spot and block the WannaCry attack since it was an unmapped executable (i.e., an unrecognized or disallowed file) - a floating file which is a violation of the operating system normal procedures.

StarHub’s Managed EDR solution protects against threat actors from exfiltrating your data and performs:

• Behavioural analysis of actions that post potential threat to data
• Real-time threat detection at OS-level
• Real-time retroactive review - down to source
• Frictionless security; continuing work even on compromise system

Cyber Security Agency's SingCERT (Singapore Computer Emergency Response Team) has issued guidelines if systems are infected with ransomware:

• Remove the Network connection from your Computer. This could be done by removing your network cable or shutting down the wireless function on your computer. By doing so you are preventing the spread of this ransomware.
• Start rebuilding your effected computer, be it laptop or workstation.
• After you have rebuilt the infected workstation, patched it with the recommended patch and restore your system from the backup you have made.

For further advice, businesses can reach out to StarHub or SingCERT.

Organisations should adopt a proactive approach towards cyber security rather than a reactive stance. As part of cyber security best practices, businesses need to take a 360 view of their holistic security architecture beyond a single point of protection. Some of the best practices to adopt include:

• Preparing and protecting against a breach by having on hand usable threat intelligence and actively managing vulnerabilities. A successful cyber security defence plan would include well trained security personnel to defend and detect intrusions from perimeter defence down to end-point to handle potential threats.
• A robust cyber security operations would encompass Network Security, Web Security, Cloud Security and End-Point (including mobile) Security.
• Organisations need to be able to respond and recover effectively by employing active defence strategies and actively managing security incidents. Basic hygiene such as patch management and backup are essential as well as having an incident response plan to handle everything from a zero-day vulnerability to a large-scale breach.

To learn more about how StarHub can help strengthen organisation’s security posture, or to know more about EDR protection against ransomware, please contact your account manager or call 1800 888 8888 or email business@starhub.com.

Follow StarHub Business on Linkedin for the latest business updates.