
The WannaCry global ransomware epidemic does not appear to be weakening anytime soon, as security researchers spotted two new variants of the malware just yesterday.

The ransomware was stopped over the weekend by a British cyber security researcher known as MalwareTech, who uncovered a way to activate a kill switch within WannaCry.

According to MalwareTech, the ransomware kept infecting users because a domain it connects to was unregistered; the kill switch was hardcoded into the malware in case the author wanted to stop it from spreading. It relies on a very long, nonsensical domain name that the malware requests as if it were looking up any website. If the request comes back showing the domain is live, the kill switch kicks in and the malware stops spreading.

MalwareTech activated the kill switch by registering the domain name, which stopped the spread of the malware and cost him only $10.69. But we’re not out of the woods yet: cyber criminals have already developed two newer versions of the malware without a kill switch built in. While these are said not to have the same impact as the original, it’s important to note that these criminals do not appear to be slowing down.

According to Ryan Kalember, SVP of Cybersecurity at Proofpoint, “These appear to be patched versions of the original malware, rather than recompiled versions developed by the original authors. The first variant, WannaCry 2.0(a), pointed its “kill switch” to a different internet domain—which was also promptly registered and effectively sink-holed, stopping its spread. The second variant, WannaCry 2.0(b), had the kill switch functionality removed, thus enabling it to propagate—but the ransomware payload fails to properly deploy, causing no direct impact to targeted systems.”
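For defenders, the kill-switch lookup described above doubles as an indicator of infection: any host that queries one of these domains should be investigated, and hosts whose lookups never resolved come first because the kill switch could not have stopped them. The following is an added example, not code from NNT or the researchers quoted; the domain names are placeholders, and the log format and sample lines are constructed.

```python
"""Triage DNS resolver logs for WannaCry kill-switch lookups (constructed data)."""
from collections import defaultdict

# Placeholders: substitute the real kill-switch domains from your threat intel feed.
KILL_SWITCH_DOMAINS = {
    "killswitch-original.example",   # original WannaCry (placeholder)
    "killswitch-variant-a.example",  # WannaCry 2.0(a) (placeholder)
}

# Constructed sample lines in an assumed format: timestamp client qname rcode
SAMPLE_LOG = """\
2017-05-15T09:01:12Z 10.0.4.17 killswitch-original.example. NOERROR
2017-05-15T09:01:13Z 10.0.4.22 www.example.org. NOERROR
2017-05-15T09:02:40Z 10.0.7.3 KillSwitch-Variant-A.example. NXDOMAIN
2017-05-15T09:03:05Z 10.0.7.3 killswitch-variant-a.example. NXDOMAIN
2017-05-15T09:04:51Z 10.0.9.8 killswitch-original.example. SERVFAIL
malformed line
"""

def triage(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: {"domains": set, "resolved": bool, "lookups": int}}."""
    hits = defaultdict(lambda: {"domains": set(), "resolved": False, "lookups": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, rcode = fields
        qname = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if qname not in domains:
            continue
        entry = hits[client]
        entry["domains"].add(qname)
        entry["lookups"] += 1
        # NOERROR means the name resolved, a precondition for the kill switch to fire.
        entry["resolved"] = entry["resolved"] or rcode.upper() == "NOERROR"
    return dict(hits)

def priority(hits):
    """Hosts whose lookups never resolved: the kill switch did not stop them."""
    return sorted(ip for ip, h in hits.items() if not h["resolved"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, h in sorted(result.items()):
        state = "kill switch reachable" if h["resolved"] else "NOT resolved: isolate first"
        print(f"{ip} {sorted(h['domains'])} lookups={h['lookups']} -> {state}")
```

A variant with the kill switch removed, such as the 2.0(b) build described in the quote, performs no such lookup and will not appear in this output.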

Europol has confirmed that this threat is still ongoing and the number of infections will continue to grow, as more than 200,000 victims in 150 countries have been infected already.

At times like this, it’s worth noting the importance of covering the basics of security and adopting existing, known best practice. NNT recommends the CIS critical controls as a basis for sound cyber security. NNT also has several Ransomware Mitigation Kits, comprising the necessary automated vulnerability checks and the Group Policy/Puppet templates to automatically fix any weaknesses identified.

 

Read this article on InfoSecurity Magazine

 

 

 

Copyright 2017, New Net Technologies LLC. All rights reserved. 