EternalBlue enabled attackers to discover at-risk computers and devices on the victim’s network, exploit the known Windows operating system vulnerability, and propagate the malware to other systems. WannaCry used a backdoor called DoublePulsar to install itself on compromised machines and help it spread to other hosts. DoublePulsar executed the WannaCry malicious code on the endpoints, allowing propagation to several hosts within minutes.
Impact of Ransomware
The attack vector tricked Windows systems into running their malicious software using the SMBv1 protocol to spread malware between machines. A single infected computer on a network can put an entire organization at risk.
Anatomy Of WannaCry Ransomware
The WannaCry ransomware program has several elements. There’s a primary program containing other programs, including locker ransomware software. Once WannaCry has infected a computer system, it looks for specific file types, including:
The malware then executes a routine to encrypt the files, which can be decrypted only by using an externally delivered digital certificate.
How Is WannaCry Propagating in 2022?
Recently, security researchers have seen renewed WannaCry ransomware variants in the wild. One report noted a 53% increase in WannaCry ransomware in March 2021 compared to January of this year, while another stated that WannaCry was the top ransomware family used in the Americas in January with 1,240 detections.
In the latest variants, security experts believe WannaCry is propagating more through email, using phishing and whaling attack vectors. Like legacy phishing attacks, WannaCry phishing emails contain misspellings, unreadable phrases, and an unnatural tone. The emails appear to leverage reverse social engineering techniques by enticing recipients to reply to the original messages. The body of the email contains multiple paragraphs describing the pending total encryption and “erasion” of all data on the supposed victim’s computer and on any computers, servers, and mobile devices connected to the network.
Protection Against Ransomware
The best security strategy against spreading ransomware combines prevention, education, detection, and backup recovery. Because the new variant of the ransomware is distributed via malicious emails and attachments, organizations should invest in solutions that block the delivery of harmful emails.
The second prevention measure is configuring your IT environment to deter one of the most common ways ransomware spreads: through malicious macros buried inside attachments. Most organizations use sandboxes to scan attachments before users access the content.
A third measure is for all users to back up their systems to an off-site or secured vault away from their devices. If a device becomes infected with ransomware, restoring from a previous backup is the fastest way to recover. While backups are an excellent way to recover from malware, attackers using ransomware are known to target backup systems as well.
The Trustifi Inbound Shield™
Trustifi’s Inbound Shield imposes a layer of protection between your email system and the outside world. Using Artificial Intelligence (AI) and dynamic engines, Inbound Shield readily identifies and blocks suspicious inbound emails. In addition to scanning and eliminating malicious content, the Inbound Shield looks for a host of anomalies, including:
- Imposters sending messages from falsified domains
- Requests for money transfers and confidential information
- Links to impersonated websites
- Attachments containing executable code snippets, SQL injection strings, etc.
- Header analysis to detect spoofing and impersonation techniques
- Deep analysis based on content, metadata, and domain reputation
- Proprietary method to catch zero-day phishing sites
- Links inside files
- Zip and archive files
- Trojans, viruses, and malware
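As an added example (not Trustifi’s code or any part of the Inbound Shield product), the following Python script runs the kinds of checks described in the protection measures above and in the anomaly list: it flags sender domains that imitate a trusted domain, Reply-To or Return-Path headers pointing somewhere other than the visible sender, executable or macro-enabled attachments, archives that should go to a sandbox, and ransom-style pressure language in the body. The extension lists, the phrase list, the two-edit lookalike threshold, and the sample message itself are assumptions constructed for illustration, not real samples.

```python
from __future__ import annotations

import email
import os
import re
from email import policy
from email.message import EmailMessage

# Constructed lists for this example; a real gateway uses far larger, maintained sets.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1",
                    ".jar", ".docm", ".xlsm", ".pptm"}   # executables and macro-enabled Office files
ARCHIVE_EXTENSIONS = {".zip", ".7z", ".rar", ".iso"}     # containers that hide the inner file type
RANSOM_PHRASES = ("encrypt", "erasion", "erase", "bitcoin", "decrypt")  # assumed lure vocabulary


def _domain(header_value: str) -> str:
    """Lowercase domain of an address header such as 'Name <user@example.com>'."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted: set[str]) -> str | None:
    """Return the trusted domain that `domain` imitates (within two edits), if any."""
    for t in trusted:
        if domain != t and _edit_distance(domain, t) <= 2:
            return t
    return None


def analyze_message(raw: bytes, trusted: set[str]) -> dict:
    """Run header, attachment and body checks on a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = _domain(str(msg.get("From", "")))
    # Header checks: replies or bounces routed to a domain other than the visible sender
    for hdr in ("Reply-To", "Return-Path"):
        dom = _domain(str(msg.get(hdr, "")))
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    imitated = lookalike_of(from_dom, trusted)
    if imitated:
        findings.append(f"From domain {from_dom} looks like trusted domain {imitated}")
    # Attachment checks: executable/macro file types, and archives that need sandbox inspection
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} has executable/macro type {ext}")
        elif ext in ARCHIVE_EXTENSIONS:
            findings.append(f"attachment {name} is an archive; inspect contents in a sandbox")
    # Body check: ransom-style pressure language
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    hits = [p for p in RANSOM_PHRASES if p in text]
    if hits:
        findings.append(f"body contains ransom-style phrases: {', '.join(hits)}")
    return {"findings": findings, "block": bool(findings)}


def build_sample() -> bytes:
    """Constructed phishing-style message (not a real sample) for demonstration."""
    msg = EmailMessage()
    msg["From"] = "IT Support <helpdesk@examp1e.com>"   # digit '1' for 'l': lookalike of example.com
    msg["To"] = "user@example.com"
    msg["Reply-To"] = "recover@mail-drop.invalid"       # replies go to a different domain
    msg["Subject"] = "Urgent: pending encryption of your files"
    msg.set_content("All data on your computer and connected servers will be encrypted and "
                    "erased. Reply to this message immediately to prevent erasion.")
    msg.add_attachment(b"\x50\x4b\x03\x04", maintype="application",
                       subtype="octet-stream", filename="Invoice_Details.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in analyze_message(build_sample(), {"example.com"})["findings"]:
        print("FLAG:", line)
```

The script reads the raw message once with the standard library parser and reports every finding rather than stopping at the first, so a quarantine decision can show the analyst all the reasons together; a clean message with a matching From domain, no attachments and ordinary body text produces no findings.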
Trustifi Security-As-A-Service Escalation In Action
Trustifi’s Security-as-a-Service team, with a high sense of urgency, contacted several law-enforcement and global cyber-monitoring agencies, including:
- Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security.
- United States Computer Emergency Readiness Team (US-CERT)
- The Anti-Phishing Working Group (APWG), Google Safe Browsing, OpenPhish, PhishTank, Bitdefender.
- Trustifi communicated with the website owner (since it is unclear whether the website was hijacked or set up as a bogus company/undercover site for phishing attacks).
Trustifi is a cybersecurity firm featuring solutions delivered on a software-as-a-service platform. Trustifi leads the market with the easiest email security products to use and deploy, providing both inbound and outbound email security from a single vendor.
As a global cybersecurity provider of both inbound and outbound email protection, Trustifi currently supports customers from countries including the USA, Canada, Brazil, the Dominican Republic, the UK, the Netherlands, India, the UAE, China, Japan, Cyprus, the Philippines, and more. The company has also developed “One-Click Compliance” capabilities that cater to world security regulations, including PDPO for Hong Kong, POPI for South Africa, GDPR for Europe, and LGPD for Brazil.
Trustifi’s email security services feature a comprehensive suite of email tools for advanced threat protection, easily configurable Data Loss Prevention, and enterprise email encryption. Trustifi’s easy-to-use software is unmatched in its user-friendliness, flexibility, and cost-effectiveness. Trustifi’s time to value, ease of deployment, and lower cost of ownership for SecOps make the company a secure and financially sound match for any client seeking email security, data exfiltration protection, and message encryption.
Whether you’re looking for an extra layer of protection in your existing email environment or a complete suite solution, the expertise and simplicity Trustifi offers will exceed your expectations. Let’s discuss a customized email security plan that fits your needs perfectly.