How to Prevent 'WannaCry' Ransomware and Similar Attacks


Since last week, users and organizations in over 100 countries, including major corporations and various government agencies, have fallen victim to the "Wanna Decryptor" or "WannaCry" ransomware attack. This ransomware was initially introduced to systems via phishing emails and spreads using a known Windows vulnerability.

Initial reports last Friday said that the United Kingdom National Health Service was infected by the ransomware, affecting up to 16 U.K. hospitals. Such an attack would have been disastrous enough on its own, but the ransomware has since spread to companies and government agencies all over the world. Wanna Decryptor is a ransomware attack of unprecedented scale, and it is currently ongoing.

MalwareTech found a simple way to disable an earlier version of the ransomware (h/t Ars Technica). However, new versions of Wanna Decryptor that cannot be disabled in this way have now been seen in the wild (h/t Wired).

The ransomware uses Windows vulnerability MS17-010. Windows issued a patch for this vulnerability on March 14, but many systems had not been updated. (Patching this vulnerability will help keep a system from being infected.)

OPSWAT Technology Helps Block 'WannaCry'

Many of our customers have been asking us if OPSWAT technology would have blocked this ransomware attack.

From the most current research available, there are a large number of malicious executables in the wild that were vehicles to install this ransomware. OPSWAT has been collecting and reviewing these files. As of this writing, MetaDefender Cloud has detected every one of these files as malicious, which means if you had used it to scan incoming files you would have caught them.

What about our MetaDefender on-premises solutions? As one would expect, the larger the MetaDefender multi-scanning package, the more likely it is that the ransomware would be caught. According to our research, MetaDefender Core 16 and MetaDefender Core 20 flag all of the files associated with Wanna Decryptor as malicious.

Additionally, the MetaDefender Workflow Engine enables administrators to set policies blocking executable files altogether. MetaDefender data sanitization strips malicious content from all kinds of files. With these two technologies, malicious files that spread ransomware can be blocked or rendered harmless.

MetaDefender Email Security renders phishing emails harmless by removing malicious hyperlinks and sanitizing all email attachments. This would have rendered useless whatever phishing emails were used to spread Wanna Decryptor.

5 Ways to Block Ransomware with MetaDefender

Ransomware like WannaCry/Wanna Decryptor can enter a system in any number of ways. That's why organizations should:

  1. Increase their email security in order to detect, block, or remove malicious email content. Employees receive phishing emails constantly, and MetaDefender Email Security will block malicious content in these emails.
  2. Improve their IPS, proxy, and storage server security to protect their data. MetaDefender ICAP Server efficiently and effectively accomplishes this.
  3. Add protection from malicious file uploads and downloads. MetaDefender ICAP Server also provides this.
  4. Block threats on portable media such as USB drives. MetaDefender Kiosk is deployed in many critical infrastructure facilities for this purpose.
  5. Acquire development tools to create powerful customized cyber security solutions. OPSWAT enables organizations to do this with MetaDefender APIs and OESIS Framework.

Contact the OPSWAT sales team today to prevent ransomware attacks like Wanna Cryptor/WannaCry.

