Tuesday, 17 September 2019 | 19:13 WIB

How to Mitigate Damages from WannaCry Ransomware Attack

illustration: WannaCry ransomware (rancah)

JAKARTA, NETRALNEWS.COM - The new WannaCry ransomware attack has infiltrated 57,000 computers in 150 countries. In fact, the malware has crippled important industry segments, including health and other segments.

Along with WannaCry ransomware and the likes that are constantly attacking global industries, Fortinet, as a leading provider of cyber security solutions, strongly recommends organizations at Asia Pacific to take immediate protection measures against this damaging Ransomware.

David Maciejak.(dok.Ist.)

Fortinet's FortiGuard Labs has been monitoring and analyzing measurable threats from over two million sensors worldwide, and WannaCry ransomware and the likes have been very damaging with the ability to replicate them, "said David Maciejak, Director of Security Research at Fortinet, in a written statement received by netralnews.com on Thursday (5/18).

"This ransomware is known by a number of names including WCry, WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. The malware is spread through an NSA-related exploit called ETERNALBLUE that was leaked last month by a group of hackers known as The Shadow Brokers. ETERNALBLUE exploits the vulnerabilities of the Microsoft Server Message protocol Block 1.0 (SMBv1), "he added.

Maciejak added that WannaCry has infiltrated thousands of organizations worldwide, including key institutions.

"Ransomware is easily recognizable because its ransom requests are supported over 24 languages," Maciejak added.

Fortinet's search shows that on average there are more than 4,000 Ransomware attacks every day since January 1, 2016. If an organization has been affected by Ransomware, Fortinet strongly recommends the following steps:

1. Immediately isolate the infected device by disconnecting it from all networks as quickly as possible to prevent Ransomware from spreading to other connected networks / devices.

2. If the network is infected, disconnect immediately with all connected devices.

3. Turn off all affected devices that have not been completely damaged. It can clean and repair data, allocate damage, and so as not to aggravate the situation.

 4. Back-up data must be stored offline. When detected, check back-up data and make sure it's free of malware.

5. Contact the authorities immediately, report any ransomware experienced, and ask for help.

Meanwhile, for organizations and companies that have not been exposed to Ransomware attacks, Fortinet recommends the following precautions:

1. Perform patches on the operating system, software, and firmware on all devices. For large organizations with multiple devices, consider including a centralized patching system.

2. Install IPS, AV, and Web filtering technologies, and remember to keep it up to date.

3. Make back-up data on a regular basis. Verify the integrity of the data back-up, encrypt, and test the data repair process to make sure everything is working.

4. Scan all incoming and outgoing emails to detect threats and filter the files to be sent.

5. Schedule regular scans with anti-virus and anti-malware automatically.

6. Disable macro scripts on files transmitted by email. Consider using devices such as Office Viewer to open Microsoft Office-related files rather than through Office applications.

7. Develop strategies to build viable business continuity in the face of risky jobs.

 "Fortinet handles the security challenges of an organization with Security Fabric intelligence covering the entire network, connecting security sensors and different devices, collecting, coordinating and responding to every crime that comes up at any time," Maciejak said.

"Only by leveraging all coordinated defense resources can be effective against major cyber attacks like WannaCry."

FortiGuard Labs itself has more than 200 researchers and reliable analysts worldwide. Researchers work with international technology and equipment to study, discover and provide ongoing protection.

Fortinet (NASDAQ: FTNT) provides protection to major corporations, service providers and governmental organizations around the world. Fortinet provides intelligent protection services for handling attacks and improves unlimited network endurance - now and in the future.

Only Fortinet Security Fabric is able to provide security without compromising on all challenges, whether in network, application, cloud or mobile. Fortinet is number one in the world's leading application security provider and more than 310,000 customers entrust their business in Fortinet protection.