May 19, 2017
Digital Arts Inc.

Protect Against WannaCry Ransomware

WannaCry ransomware has spread across the globe, and many Japanese Tier 1 corporations are also starting to report that they have been exposed. What can Digital Arts solutions do to help you deal with the recent attack?

What is WannaCry?

WannaCry is a type of ransomware that, after infecting a client terminal, encrypts all files on the device and demands a payment (ransom) in bitcoin to decrypt them. Files with 166 known file extensions can be encrypted by this ransomware.

How do we get infected?

There are two currently known ways of being infected by WannaCry ransomware:

A. A computer running a Windows OS with an externally accessible open firewall port (port 445) is attacked through the SMB vulnerability MS17-010, and the ransomware implants a backdoor.

B. A user executes a malware file attached to an email message on the client device.

What can we do?

1-a. Close the firewall port and stop unnecessary network file sharing. Check for any suspicious external access.

1-b. Run Windows security update to apply the patch for the SMB vulnerability.
※Also refer to https://technet.microsoft.com/ja-jp/library/security/ms17-010.aspx

2. Use the following features, available in m-FILTER Ver.4.80R01 or later, to contain infection of the client from email messages:
- delete attachments
- disable URL links

FinalCode, Digital Arts’ file security solution, offers strong encryption and protection for files, which are given a file extension unique to FinalCode. FinalCode is a valid way to protect your files, because its file extension is not among the 166 file types that WannaCry is capable of encrypting.

Better Protection with the Next Update of i-FILTER and m-FILTER

Installing the next editions of i-FILTER and m-FILTER (tentatively on September 19, 2017) together provides an even stronger and more robust way to stop malware from infecting the client device through email attachments. For more information on the next update of i-FILTER and m-FILTER (Japanese): http://www.daj.jp/bs/lp/i10m5/

i-FILTER Ver.10
  • Major revamp of the most powerful i-FILTER database to include all searchable websites in Japan. Deep Web and other hidden services used for C&C servers, which are invisible to search engines, will not be registered in the i-FILTER database. Any website that is not registered in the i-FILTER database is considered to be a malicious URL.
  • Leveraging this feature could theoretically block C&C server URLs (used for WannaCry backdoor communication).
m-FILTER Ver.5
  • Determines fake senders, file extensions of attachments, and URL links in the message body. Automatically isolates suspicious email to keep message bodies from reaching the client device.
  • Determines fake file extensions within password-protected zip files.
  • Deletes .exe attachments.
  • i-FILTER registers URL links contained in suspicious email messages/attachments to block any web communication.
  • Email message with WannaCry ransomware: theoretically, m-FILTER will determine and isolate suspicious emails and attached malware files to prevent them from reaching the client device. URLs contained in the message body and/or attachments will be registered in the i-FILTER database, blocking any backdoor communication in the event such communication does occur.
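
The mail-side measures described above (step 2: delete attachments and disable URL links; m-FILTER Ver.5: fake file extensions and .exe attachments), sketched as an added Python example. It is not Digital Arts' code or m-FILTER's implementation; the extension lists, the function names and the constructed sample message are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; they are not m-FILTER's rules.
BLOCKED_EXT = {"exe", "scr", "js", "vbs"}
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}
URL_RE = re.compile(r"\bhttp(s?)://", re.IGNORECASE)

def classify(filename):
    """Return 'fake-extension' (e.g. invoice.pdf.exe), 'blocked' or 'ok'."""
    parts = filename.lower().rstrip(". ").split(".")
    if len(parts) < 2 or parts[-1] not in BLOCKED_EXT:
        return "ok"
    if len(parts) > 2 and parts[-2] in DECOY_EXT:
        return "fake-extension"
    return "blocked"

def sanitize(raw):
    """Rebuild a message without risky attachments, links disabled (http -> hxxp)."""
    src = message_from_bytes(raw, policy=policy.default)
    out, removed = EmailMessage(), []
    for header in ("From", "To", "Subject"):
        if src[header]:
            out[header] = src[header]
    body = src.get_body(preferencelist=("plain",))
    out.set_content(URL_RE.sub(r"hxxp\1://", body.get_content() if body else ""))
    for att in src.iter_attachments():
        name = att.get_filename() or "unnamed"
        verdict = classify(name)
        if verdict == "ok":
            out.add_attachment(att.get_payload(decode=True), filename=name,
                maintype=att.get_content_maintype(), subtype=att.get_content_subtype())
        else:
            removed.append((name, verdict))
    return out, removed

def build_sample():
    """Constructed test message: one harmless PDF, two executable attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("Open http://example.com/pay or the attached file.")
    for name in ("report.pdf", "invoice.pdf.exe", "setup.exe"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(sanitize(build_sample())[1])
```

The sketch reads only the plain-text body and top-level attachment names; it does not look inside archives or HTML parts.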

