Protecting Your Organization from the WCry Ransomware

WannaCryptOr Ransomware

WannaCryptOr or "WannaCry" is a new family of ransomware (a cybersecurity threat class that locks computer files and systems unless a payment is made). This threat class is estimated to have cost organizations $1 billion in ransoms, as attack volume increased 100x from three years ago. This particular family has quickly become major news around the world as its impacts have gone well beyond the financial sector. In arguably the most serious instance, WannaCry impacted multiple sites of the UK National Health System; in certain cases, this resulted in facilities urging patients to come only for life-threatening emergencies.

A few aspects make this version of ransomware particularly dangerous (more details here):

  • It exploits a Microsoft Windows vulnerability only recently released to the public and applicable to multiple OS versions, including “out-of-support” Windows XP-based systems that did not originally get a patch from Microsoft
  • After infection, it not only encrypts the individual system but aggressively looks for other systems it can reach and compromise
  • The malicious code is modular in nature, making it especially easy for the attacker to quickly change and avoid reactive identification

Fortunately, there are several preventive measures that organizations can take to limit the impact of ransomware such as this:

  1. Timely Vulnerability Management to prevent the unauthorized install of malicious code
  2. Effective Threat Protection Systems to stop unauthorized malicious code reaching the vulnerable system
  3. Advanced Threat Detection Mechanisms to detect zero-day attacks
  4. Granular Network Segmentation to contain initial compromise
  5. Routine Backup to recover data without paying ransom

Security Recommendations

The above security best practices are possible with the Fortinet Security Fabric. For WannaCry ransomware, the following Security Fabric elements have capabilities to detect, prevent, and mitigate it:

  • Email Security (FortiMail) – Malware and URL Scan
  • Network Security (FortiGate) – IPS, APP Ctrl, Malware Scan, IP Botnet, Segmentation
  • Endpoint Security (FortiClient) – Vulnerability and Malware Scan
  • Advanced Threat Protection (FortiSandbox) – Behavioral Analysis
  • Management & Analytics (FortiAnalyzer/FortiSIEM) – Event Correlation


[Figure: Fortinet Security Fabric for WannaCry (FortiSIEM, FortiAnalyzer, FortiCloud, FortiMail, FortiSandbox, FortiGate, FortiClient)]

For more information about ransomware, please visit our Ransomware Solution Page.   

For more information about Fortinet solutions to help stop ransomware, please visit our Solutions Page.

WannaCry (MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution) and Other Attacks Tracked Live on the Fortinet Threat Map