We know that many of the UK National Health Service organisations, along with many small and large businesses such as Nissan and Hitachi have been affected by a virulent new ransomware variant, WannaCry also known as WanaCrypt0r. Although some of you reading this aren’t yet protected by us, we are reaching out proactively to all our contacts to offer our advice and support during this period. Our technical support team are available 24/7 and although response times and call wait times are higher than average we are endeavouring to answer every call as quickly as possible.
If you aren’t already aware of Ransomware, you should be. Ransomware is a dangerous form of malware that, like the name suggests, holds your data to ransom by encrypting your entire systems, files, devices etc. It then locks you out of these systems and files, with any attempt to get in to these files proving useless as all data has been encrypted by the malware and can only be accessed with the dedicated encryption key. One of the most brutal aspects of the virus is that it can encrypt all data on a PC in a matter of seconds, including data on any shared spaces or drives or other computers on the same network.
Sophos strongly recommend that you ensure your computers are patched against the vulnerability – Microsoft Security Bulletin MS17-010 – that allows the ransomware to spread between machines so quickly – a patch is now also available for Windows XP, 2003 and 8. Please monitor the article at Wanna Decrypt0r 2.0 Ransomware to stay up to date with the latest information.
During Friday and Saturday, Sophos made several updates to our protection rules meaning that Sophos Endpoint products now block all known variants of WannaCry from executing, and our team have worked tirelessly over the weekend to ensure all servers were up-to-date. Customers already using Intercept X or Exploit Prevention were protected proactively against the ransomware behaviour from the first instance.
Although all Sophos customers are now protected from WannaCry it is highly likely that new attacks might appear based on the leaked exploits. Prestige Logic want all NHS trusts to have the best possible protection during this high risk period, while vulnerable machines are upgraded and/or patched. To ensure that all NHS customers are able to benefit from proactive protection against any new attacks, we would like to offer all NHS customers, free of charge for a limited period, our new “Next Generation” endpoint products (Intercept X & Exploit Protection) which provide behavioural and exploit based protections against ransomware attacks and zero-day exploits, and which have been effective so far against all new WannaCry variants.