WannaCry 2.0; Oh No!

Recently, shouts rang loud from technical publications and news agencies far and wide: Quick! Patch everything!  Share the news!

Microsoft thinks the possibility of another WannaCry is real.  Pundits opine the threat must be horrendous if Microsoft is releasing a patch for an operating system for which they dropped support over 5 years ago.  I agree. If you are running your systems in “default-allow” mode as are most, utilizing modern “next-gen” security to protect your assets, you have reason for concern.  Especially if your business technology cannot be upgraded and you must continue use of older operating systems from Microsoft for any reason, you should be very concerned.

So called “Next Generation” security products typically drop support for older operating systems  as soon as Microsoft drops support

This is exactly why WannaCry 1.0 was so devastating; racking up a staggering $4 billion dollars in damage as it infected over 230,000 computers across 150 countries.  Britain’s National Health Service alone lost $92 million while 20,000 medical appointments of various levels of severity were cancelled due to the outbreak. Government systems, railways and many others were also hit. This all happened within a matter of hours.  Today, over 2 years after WannaCry, over 1 million computers remain unpatched against this threat.

This all happened because of a false sense of security.

We, as a people,  believe ourselves protected when we are not.  Modern cybersecurity amounts to a guard at the gate of a secure facility who, instead of using a list of names for whom access has been approved, operates with a list of bad-person names, pictures  and a description of how they walk, with instructions to stop them and let everyone else through the gate. Noone reading this blog believes that guard can possibly know every bad guy in the world, yet here we are in 2019 using this methodology trying to protect our most precious digital assets, the very lifeblood of our business.

Let’s take a look at how WannaCry worked to demonstrate

WannaCry used what is known as a dropper to get the malicious files onto a computer on the network.  The dropper itself masqueraded as “Microsoft Disk Defragmenter”. The files it dropped contained an embedded encryption tool which pretended to be diskpart.exe and a zip file containing a copy of Tor used to retrieve a set of encryption keys.

Once the files were downloaded, the dropper executable then exploited a vulnerability dubbed “EternalBlue” to spread itself to other computers within the network.  It then created a series of scheduled tasks on the computer to change permissions on files and registry keys, remove shadow copies from disks, retrieve encryption keys, setup persistence  and ultimately encrypt critical system files.

With Execution Control in place:

  1. The dropper could not have executed
  2. The tasks created would never have been launched
  3. The code used to exploit the vulnerability and spread the malware would never run.
  4. The encryption keys could never have been retrieved

The above is true for the new vulnerability as well, with or without Microsoft’s emergency patch.

White Cloud Security’s patented Trust Lockdown with Cyber-Metric Handprint technology  for Execution Control protects computers from Windows 2000 forward, as well as Linux.  Protection for Mac is in the works. Our solution is simple and effective, and the methods we employ are recommended by the most respected authorities in cyber-security.  With Trust Lockdown, nothing can execute unless it is on your “trust-list.” Specifically, with Trust Lockdown, you require zero knowledge of a threat to stop it in its tracks, you can stop all malware from executing–including zero-day threats, and, you can stop active infections without need to download signatures. And, there is no need to scan the disks to achieve this level of protection.

The velocity of malicious activity will only increase.  If posture is not addressed, compromise is a matter of “when” not “if.”  Prevent all untrusted execution. Call White Cloud Security today!


Leave a Reply

Your email address will not be published. Required fields are marked *