Bitdefender blocks WannaCry

Status
Not open for further replies.

ras74

Level 2
Thread author
Verified
May 11, 2014
60
Bitdefender blocks world’s most aggressive piece of ransomware with next-generation detection technologies
Users under threat from an ongoing global ransomware outbreak that has targeted Windows computers in more than 70 countries can keep their systems safe with security software such as Bitdefender and should make sure to get the latest patches from Microsoft, experts say. The WannaCry ransomware encrypts files in the PCs it infects. Attackers demand a ransom be paid in exchange for decryption.




Users under threat from an ongoing global ransomware outbreak that has targeted Windows computers in more than 70 countries can keep their systems safe with security software such as Bitdefender and should make sure to get the latest patches from Microsoft, experts say. The WannaCry ransomware encrypts files in the PCs it infects. Attackers demand a ransom be paid in exchange for decryption.

"This particular ransomware is correctly identified and blocked by 30% of the AV vendors using current virus definitions,” said Ivanti’s Phil Richards, cited by The Mirror. The expert mentioned Bitdefender as one of the solutions effective against WannaCry.

To stay safe, you should also keep your Windows system updated with the latest security patches from Microsoft via your Windows system’s auto-update feature.

The attacks have caused major disruption to hospitals, telelcom companies or gas and utilities plants. Among the organisations that took the worst hits is the National Health Service (NHS) in the UK.

Why is this ransomware attack different

Unlike other ransomware families, the WannaCrytor strain does not spread via infected e-mails or infected links. Instead, it takes advantage of a security hole in most Windows versions to automatically execute itself on the victim PC. According to various reports, this attack avenue has been developed by the National Security Agancy (NSA) in the US as a cyber-weapon and it was leaked to the public earlier in April along with other classified data allegedly stolen from the agency.

Analyzing the infection mechanism we can say that WannaCry is one of the biggest threats that both end users and companies have to face recently. Because the list of vulnerable Windows PCs can be found through a simple internet scan and the code be executed remotely, no interaction from the user is needed. Once the PC is infected, it acts like a worm, it replicates itself in order to spread to other computers.

Our analysis reveals that the wormable component is based on the EternalBlue exploit that had been leaked out in a data dump allegedly coming from the NSA. This strain of malware is one of the few that combine the aggressive spreading mechanism of a cyber-weapon with the irreversible distructive potential of ransomware. Up until now, more than 120,000 computers worldwide have been infected.

Bitdefender has developed strong anti-ransomware capabilities to help users stay safe from such sophisticated attacks, which have been on the increase in recent years.

As this ongoing outbreak is affecting countless computer users around the world, Bitdefender is actively working on a free decryption tool to help victims recover their information without paying the ransom. Make sure to follow Bitdefender on Twitter and Facebook to be notified when it becomes available.

Find out if you are vulnerable. The CVE07-010 vulnerability affects almost all versions of the Windows operating system, including those who are not actively supported anymore, such as Windows XP, Windows Vista and Windows Server 2003. Because of the extremely high impact, Microsoft has decided to issue patches for ALL operating system, including the unsupported ones. If your operating system does not have the specific hotfix installed, then you are vulnerable and need to update immediately.



What you can do to stay protected?

  1. Disable the Server Message Block service on the computer if patching is impossible.
  2. Install the patch
  3. Back up your data on offline hard drives. The ransomware malware will encrypt files on external drives such as a USB thumb drive, as well as any network or cloud file stores
  4. Patch and Update your software and make sure you have all Windows updates on your machine.
  5. Use a reputable security suite https://www.av-comparatives.org/wp-content/uploads/2017/04/avc_factsheet2017_03.pdf

 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
I know that Hitman Pro Alert, Malwarebytes 3, Emsisoft and Kaspersky blocked this Ransomware without signatures by using behavior blocker technology.
When a antivirus detect a know piece of malware it isnt anything special, it is a obligation (not saying that Bitdefender didnt block proactively).
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
It's a bit late, did any Security firms that use Antivirus technologies detect it before the wide-spread outbreak?

Remember many companies do not even have up-to-date licenses for AVs so they carry PCs with no protection at all. That doesn't mean the AV would detect it in that time, I guess that only a good BB would get it.
 

ras74

Level 2
Thread author
Verified
May 11, 2014
60
I know that Hitman Pro Alert, Malwarebytes 3, Emsisoft and Kaspersky blocked this Ransomware without signatures by using behavior blocker technology.
When a antivirus detect a know piece of malware it isnt anything special, it is a obligation (not saying that Bitdefender didnt block proactively).
bitdefnder block By anti-ransomware this Ransomware without signatures
 

spaceoctopus

Level 16
Verified
Top Poster
Content Creator
Well-known
Jul 13, 2014
766

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
New ransomware variants change their code resulting FUD for the AVs that detected the old version via signatures.

The ransomware follow this rule for any campaign by changing their code using obfuscation and polymorphism. Of course, after the first victims and the related reports, some antivirus will begin to recognize the malware code as dangerous and blocking the download or the execution: but at this point ransomware's cycle repeats itself.

Lets say that the average user relies completely on AV signatures.
Dynamics and behavioral technologies can block the malware execution, but often the user ignores the alarms or he responds "Allow " or "Yes".
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814

Xsjx

Level 13
Verified
Feb 21, 2017
613
Variants of the ransomware were detected two months ago, probably by multiple vendors. Those variants may not have had the same functionality (such as making use of EternalBlue or the ability to replicate and spread to other vulnerable systems) as the one that has caused the current crisis.
Who knows ...
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Those variants may not have had the same functionality (such as making use of EternalBlue or the ability to replicate and spread to other vulnerable systems) as the one that has caused the current crisis.
Quoting the article:

"In the case of WannaCrypt0r it’s a vulnerability called EternalBlue – one of the exploits recently released by Shadowbrokers in the leaked NSA tools archive"

May 13, 2017 @Xsjx why 2 months ago?
 
Last edited:

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480

Quoting the article:

"In the case of WannaCrypt0r it’s a vulnerability called EternalBlue – one of the exploits recently released by Shadowbrokers in the leaked NSA tools archive"

May 13, 2017 @Xsjx why 2 months ago?
From the same article of Avira-
"we can already confirm that our software successfully detects it, as variants of the ransomware have first been detected by our scans approximately two months ago."
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top