“SophosLabs analyzed the “WannaCry” attack on Friday and immediately issued a detection update for customers. We believe this to be the first example of a commercial malware attack using ransomware techniques that took advantage of an exploit allegedly leaked from the US National Security Agency (NSA) and uses a variant of the ShadowBrokers APT EternalBlue exploit.
Sophos customers using Sophos Intercept X or Sophos Exploit Prevention (EXP) were protected proactively against the ransomware behavior from the first instance. Customers using the IPS rules in our XG firewall would have been protected from the exploit spreading the infection from outside their firewall. Sophos has added identities and generic rules to Sophos Endpoint Protection since then to block all known and potential future variants of the malware. We encourage all customers to deploy the Microsoft patch that mitigates the underlying vulnerability in the Windows operating system.
It is imperative that businesses everywhere update their operating systems, their security software and educate their users against phishing attacks. This is a best practice to reduce the risk from any attack.
Sophos customers and partners can learn more about the Wanna attack by reading our Knowledge Base article at: https://community.sophos.com/kb/en-us/126733.
For home users (i.e., consumers), Sophos advises that all users of Sophos Home ensure their Windows operating system has been updated with the latest Microsoft updates and that their security software is also up to date. We also invite and encourage all home users to try our new Sophos Home Premium beta which is also free. It offers our most powerful protection against exploits and ransomware attacks. Learn more at: https://home.sophos.com/”
Sunil Sharma, Vice President – Sales at Sophos, India & SAARC.