Summary: On May 12th, 2017 the ransomware WannaCry (also known as WannaCrypt, WannaCrypt0r and other naming variations) struck approximately 150 countries and affected over 200,000 systems. The malware encrypts files on individual systems, and victims have 3 days to pay the ransom ($300 US) or the price doubles. After 7 days, the malware deletes the encrypted files. The ransomware currently supports 28 different languages and encrypts 179 different types of files.
Impact and Products Affected: It is very important to note that Barracuda NextGen Firewalls successfully block this attack:
- IPS: Detection of the exploit used has been included since April 21st, in IPS signature database version 6.348 or later.
- Anti-Virus: The Barracuda Malware Protection covers the first version of WannaCry with signature version 188.8.131.52 (released on April 7th). Update 7.14.06.158 (released on May 12th) covers the latest version.
- Advanced Threat Protection: The Barracuda Advanced Threat Protection with Sandboxing returns a 100% “maliciousness” score.
We strongly advise all customers to take the following steps:
- Make sure your systems are patched. Microsoft issued the patch for Security Bulletin MS17-010 – Critical Security Update for Microsoft Windows SMB Server (4013389) on March 14. Any unpatched systems are at risk. Microsoft issued an emergency patch on May 12 (KB4012598) for additional versions of Windows, including XP and Windows 2003.
- Make sure that the Barracuda NextGen Firewall Anti-Virus and IPS inspection engines are enabled in order to prevent the ransomware from being downloaded.
- For the time being, isolate communication to UDP ports 137/138 and TCP ports 139/445.
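
One way to check the port isolation in the last step, as an added example (not Barracuda's code and not part of the original advisory): it scans flow records for allowed traffic to UDP 137/138 or TCP 139/445 that crosses a segment boundary. The log format, segment ranges, sample records and function names are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Protocol/port pairs the advisory says to isolate.
ISOLATED = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

# Assumed internal segments (constructed for this example).
SEGMENTS = [ipaddress.ip_network(n) for n in ("10.1.0.0/24", "10.2.0.0/24")]

# Constructed flow records: time,src,dst,proto,dport,action
SAMPLE_LOG = """\
2017-05-13T08:00:01,10.1.0.15,10.1.0.20,tcp,445,allow
2017-05-13T08:00:02,10.1.0.15,10.2.0.7,tcp,445,allow
2017-05-13T08:00:03,203.0.113.9,10.2.0.7,tcp,445,block
2017-05-13T08:00:04,10.2.0.7,10.1.0.15,udp,137,allow
2017-05-13T08:00:05,10.1.0.15,10.2.0.7,tcp,137,allow
2017-05-13T08:00:06,198.51.100.4,10.1.0.20,tcp,139,allow
2017-05-13T08:00:07,10.1.0.15,10.2.0.7,tcp,443,allow
"""

def segment_of(addr):
    """Return the internal segment containing addr, or None if external."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in SEGMENTS if ip in net), None)

def isolation_gaps(log_text):
    """Return allowed flows to an isolated port that cross a segment boundary."""
    gaps = []
    fields = ["time", "src", "dst", "proto", "dport", "action"]
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=fields):
        key = (row["proto"].lower(), int(row["dport"]))
        if key not in ISOLATED or row["action"] != "allow":
            continue  # other port/protocol, or already blocked
        src_seg, dst_seg = segment_of(row["src"]), segment_of(row["dst"])
        if src_seg == dst_seg and src_seg is not None:
            continue  # same segment: the firewall is not in the path
        kind = "external" if src_seg is None or dst_seg is None else "lateral"
        gaps.append((row["time"], row["src"], row["dst"], *key, kind))
    return gaps

if __name__ == "__main__":
    for gap in isolation_gaps(SAMPLE_LOG):
        print(gap)
```

Matching on the protocol and port together keeps TCP 137 and other unrelated traffic out of the report.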