The WannaCry ransomware worm, aka WanaCrypt, WannaCrypt or Wcry, hit at least 75,000 computers across 99 countries on the 12th May 2017, infecting hospitals, businesses including FedEx, rail stations, universities, at least one national telecom operator, and many more organizations.
European countries, including Russia, were among the worst hit. In response, Microsoft has released emergency security patches against the malware for unsupported versions of Windows, such as XP and Server 2003, as well as for modern builds.
The Ransomware Has Been Identified as WannaCry
To recap, WannaCrypt is installed on vulnerable Windows computers by a worm that spreads across networks by exploiting a vulnerability in Microsoft's SMB file-sharing service. It specifically exploits the bug addressed by Microsoft's MS17-010 bulletin, which was patched in March for modern versions of Windows and today for legacy versions. Any system that remains unpatched is therefore vulnerable and can be attacked.
This bug was, once upon a time, exploited by the NSA to hijack and spy on its targets. Its internal tool, codenamed EternalBlue, was stolen from the agency (and leaked online in April), putting this US government cyber-weapon into the hands of any willing miscreant. Almost immediately, it was used to hijack thousands of machines on the internet. Now, someone has taken that tool and bolted it onto ransomware: the result is a variant of WannaCrypt that spreads via SMB (Microsoft Server Message Block protocol) and, once on a computer, encrypts as many files as it can find. It demands $300 or $600 in Bitcoin to restore the documents, and it is adept at bringing offices and homes to a halt by locking away their data.
Exposure of Traditional Perimeter Firewall Limits
Data centers are becoming larger and more complex than ever, especially in the cloud era, and a traditional firewall sitting on the network perimeter simply cannot meet the security demands of a modern data center:
- The perimeter firewall is used to secure the perimeter, prevent intrusions and defend against viruses. This type of firewall inspects traffic between clients and servers (north-south), not traffic between servers (east-west), so once a worm is inside, it never sees the lateral spread.
- It is simply unrealistic to install loads of firewalls inside the data center to protect thousands of workloads with a variety of security demands.
- Highly dynamic workloads impose a high management overhead on the perimeter firewall, and its policy is not self-adapting, granular or automated enough to follow workloads as they migrate.
- It takes a large amount of time and resources to come up with the right patch for a piece of malware on the perimeter firewall, and the cost of the exposure during that period is unimaginable.
Shield Your Data with Distributed Firewall on Sangfor HCI
Is there a simple way to effectively protect servers inside the data center? Yes, and it comes from Sangfor HCI (Hyper-Converged Infrastructure). The distributed firewall on Sangfor HCI provides effective east-west network segmentation between virtual machines, and with only one rule, all VMs on Sangfor HCI can be shielded from the ransomware instantaneously. Just follow the steps described below:
Step 1:
Open the Network page on the Sangfor HCI management platform, go to Distributed Firewall and configure a policy that denies all access to ports 135, 137, 138, 139, 445 and 3389:
- Source: All
- Destination: All
- Service: TCP 135, 139, 445, 3389; UDP 137, 138
- Action: Reject
Step 2:
If you are not sure whether there is legitimate traffic on ports 135, 137, 139, 445 and 3389 between VMs, open the Packet Drop List, review the intercepted connections, and allow the legitimate ones individually.
Step 3:
Download and apply the update patch whenever it is convenient for you.
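As an added example, not code from Sangfor or from the original post, the following Python models the Step 1 rule and the Step 2 review: every VM-to-VM flow on the listed ports is rejected regardless of source and destination, rejected flows are collected the way the Packet Drop List shows them, and a single reviewed exception is then allowed without reopening the ports for everyone else. The IP addresses, the flow list and the helper names are constructed assumptions.

```python
"""
Added example (not Sangfor's code): a small model of the Step 1 rule and the
Step 2 review. IP addresses, flows and helper names are constructed assumptions.
"""
from collections import Counter
from dataclasses import dataclass, field

# Ports from Step 1 of the page: TCP 135, 139, 445, 3389 and UDP 137, 138.
RANSOMWARE_LATERAL_PORTS = {
    "tcp": {135, 139, 445, 3389},
    "udp": {137, 138},
}


@dataclass(frozen=True)
class Flow:
    src: str    # source VM address
    dst: str    # destination VM address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


@dataclass
class DistributedFirewall:
    """Source: All, Destination: All, Service: the ports above, Action: Reject."""
    # Exceptions added one by one in Step 2, keyed (src, dst, proto, dport).
    allow: set = field(default_factory=set)
    # Rejected flows; this is what the Packet Drop List shows the admin.
    dropped: list = field(default_factory=list)

    def decide(self, flow: Flow) -> str:
        key = (flow.src, flow.dst, flow.proto, flow.dport)
        if key in self.allow:
            return "allow"  # a reviewed exception wins over the blanket rule
        if flow.dport in RANSOMWARE_LATERAL_PORTS.get(flow.proto, ()):
            self.dropped.append(flow)
            return "reject"
        return "allow"  # the rule only targets the listed ports

    def drop_summary(self) -> Counter:
        """Rejected flows per (src, dst, proto, dport), for the Step 2 review."""
        return Counter((f.src, f.dst, f.proto, f.dport) for f in self.dropped)


# Constructed east-west traffic: one legitimate SMB session, one web session,
# and one VM (10.0.1.55) fanning out over SMB, NetBIOS and RDP like a worm.
CONSTRUCTED_FLOWS = [
    Flow("10.0.1.10", "10.0.1.20", "tcp", 445),   # workstation -> file server (legitimate)
    Flow("10.0.1.10", "10.0.2.5", "tcp", 443),    # HTTPS, not covered by the rule
    Flow("10.0.1.55", "10.0.1.20", "tcp", 445),
    Flow("10.0.1.55", "10.0.1.21", "tcp", 445),
    Flow("10.0.1.55", "10.0.1.22", "tcp", 445),
    Flow("10.0.1.55", "10.0.1.22", "udp", 137),
    Flow("10.0.1.55", "10.0.1.22", "tcp", 3389),
]


def run_step1(flows=CONSTRUCTED_FLOWS):
    """Apply only the blanket rule; returns the firewall and one verdict per flow."""
    fw = DistributedFirewall()
    return fw, [fw.decide(f) for f in flows]


def noisy_sources(fw: DistributedFirewall, threshold: int = 3):
    """Sources rejected towards `threshold` or more distinct VMs: worm-like fan-out."""
    targets = {}
    for f in fw.dropped:
        targets.setdefault(f.src, set()).add(f.dst)
    return sorted(src for src, dsts in targets.items() if len(dsts) >= threshold)


def run_step2(flows=CONSTRUCTED_FLOWS):
    """Re-run after allowing the one reviewed exception from the drop list."""
    fw = DistributedFirewall()
    fw.allow.add(("10.0.1.10", "10.0.1.20", "tcp", 445))
    return fw, [fw.decide(f) for f in flows]


if __name__ == "__main__":
    fw, verdicts = run_step1()
    for flow, verdict in zip(CONSTRUCTED_FLOWS, verdicts):
        print(f"{verdict:6} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}")
    print("worm-like sources:", noisy_sources(fw))
    fw2, verdicts2 = run_step2()
    print("after the Step 2 exception, the first flow is:", verdicts2[0])
```

The drop summary groups rejected flows by source, destination, protocol and port, which is the view an admin needs in Step 2: a single workstation talking SMB to a single file server is a candidate for an exception, while one source rejected towards many destinations on port 445 is the pattern the rule exists to stop and should stay blocked until the VM is cleaned and patched.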
The kernel of Sangfor HCI is deeply integrated with IPS and WAF security modules, exposes an extremely limited set of ports and offers a very high level of security, not to mention the built-in snapshot and backup features.
Once you detect an infected VM, simply roll back to a malware-free backup with one click.
No Need to Cry Under WannaCry!