On May 12th, the WannaCryptor (WannaCry) ransomware family infected thousands of computers across the world. In just 24 hours, the number of infections has spiked to 185,000 machines in more than 100 countries.
The attack is particularly dangerous for businesses because it takes just one employee to become infected for the attack to spread in the entire network, and sometimes even across countries to other subsidiaries, without any user interaction. This happens because the ransomware has a worm component that leverages a recently discovered vulnerability, affecting a wide range of Windows operating systems, including 2008, 2008 R2, 7, 7 SP1.
The attacks have caused major disruption to hospitals, telecom companies or gas and utilities plants. Among the organisations that took the worst hits is the National Health Service (NHS) in the UK, to share just a few examples.
Traditional ransomware is still one of the most common threats for small to large businesses across the world. While it usually spreads via malicious e-mail attachments, browser or third-party exploits, WannaCry attack automated the exploitation of a vulnerability which is present in most versions of Windows.
Why does it make it so dangerous? Simply because this allows a remote attacker to run code on the vulnerable computer and use that code to plant ransomware without any human and local action. This never before seen behavior makes it the perfect tool to attack specific environments or infrastructures, such as servers running a vulnerable version of the Server Message Block (SMB protocol).
Our next-generation machine-learning and memory introspection technologies ensure that our customers have always been safe from WannaCry, the world’s most aggressive piece of ransomware, AND will be similarly protected from the next such attack.
Customers using Bitdefender GravityZone and Bitdefender Hypervisor Introspection are protected from hour zero from this attack wave and they are not affected by this new family of ransomware as our products detect and intercept both the delivery mechanism and all variations of the WannaCry ransomware known to date.
Bitdefender Machine Learning models, available in all editions of Bitdefender GravityZone, are designed specifically to catch never before seen attacks at pre-execution stage.
For this attack wave specifically, a machine learning model at the endpoint, developed by Bitdefender labs in 2013 is able to detect and block this ransomware variant.
Moreover, Bitdefender’s revolutionary Hypervisor Introspection technology, unique on the security market, is able to protect virtual servers from the entry mechanism of these attacks (the MS17-010 exploitation technique, otherwise known as EternalBlue).
What is more important, Bitdefender Hypervisor Introspection was able to prevent the exploit of the vulnerability long before it was disclosed and patched by Microsoft.
Here is Demo showing how Hypervisor Introspection defeats EternalBlue