We have grown accustomed to computer viruses but the latest WannaCrypt worm attack was a Friday surprise that took the world by storm. It claimed more than 200,000 victims in less than 48 hours, according to one count by Europol, Europe’s policing agency. The Associated Press also reported that the ransomware spread to 150 countries, and attacked all types of companies including Chinese gas stations, Japanese broadcasters, British hospitals, and German railways.
The “WannaCrypt” worm is particularly malicious because it takes just one person to click on an infected link or email attachment to get infected. Once infected, the host machine scans both the intranet and internet for other vulnerable machines which allows the virus to spread incredibly fast.
It was not a good way for IT teams to kick off their weekend.
Host Checker can save your weekend…
Let’s look at the WannaCrypt ransomware in more detail. The malware exploits a known Microsoft Windows Vulnerability MS17-010, which is Microsoft’s implementation of the Server Message Block (SMB) protocol. Microsoft had released a “Critical” advisory and the security patch to fix this vulnerability two months prior to the May 12th attack. So, if IT kept user devices current with Windows security patches, they prevented infection and spread of the virus. The second key aspect of the WannaCrypt ransomware is its ability to quickly spread. If one computer gets infected on the intranet without getting its access blocked, it will infect all other vulnerable computers on the intranet.
Pulse Secure can help prevent this scenario using the compliance enforcement capabilities embedded within Pulse Connect Secure and Pulse Policy Secure. When a user attempts to connect to the corporate network, locally via WiFi or remotely via VPN, the host checker function automatically checks for policy compliance of the host machine examining such things as antivirus, firewall, anti-spyware, OS version and patch management. The device is not allowed to attach to the network if it fails the policy check.
Now how could host checking help prevent or contain the WannaCrypt attack? Once Microsoft published the security update for the MS-170 exploit on March 2017, users attempting to login without the patch would be denied network access and prompted to install the latest patch. In addition, administrators could also block or restrict access for users from outdated/unsupported version of Windows such XP or Vista.
Problem solved. Weekend saved.
Host Checker is an integral part of Secure Access solutions from Pulse Secure.
Go here to get a deeper technical dive on how to defeat WannaCrypt with Host Checker.
Learn more about how to enforce compliance security for both data center and cloud access by visiting our product page.