WannaCry Ramsomware Attack

WannaCry vs. Sophos

A significant number of organizations have been affected by a virulent new ransomware variant, Wanna, which is also known by a number of alias names including WanaCrypt0r. Sophos Intercept X, Sophos Exploit Prevention (EXP), and Sophos Server Protection Advanced customers were protected proactively against Wanna ransomware from the first instance.

Watch Intercept X in action against Wanna in The Video Below.

During Friday May 12th and Saturday May 13th, we updated our protection rules and Sophos Endpoint products now block all known variants of Wanna from executing.

We recommend all customers follow the steps below. Wanna exploits a Windows vulnerability in SMB for which Microsoft released a patch in March. It is highly likely that new attacks will appear based on the leaked exploit and is therefore critical to patch this vulnerability at the first opportunity (step 1).
1. Update all Windows environments as described in Microsoft Security Bulletin MS17-010
2. Whitelist specific domains related to this attack
3. Update your endpoint software. Sophos customers are protected from this outbreak
4. Ensure you are running advanced ransomware protection such as Intercept X
5. Home users should consider signing up for the Sophos Home Premium beta, which adds protection from ransomware