Symantec Corp. has blocked nearly 22 million WannaCry infection attempts across 300,000 endpoints, providing full protection for Symantec customers through its advanced exploit protection technology. The WannaCry ransomware attacks targeted and affected users in various countries across the globe by encrypting data files on infected computers and demanding users pay a $300US ransom in bitcoin to decrypt their files. The protection of Symantec customers was enabled in part due to the integration of real-time threat intelligence shared across both Symantec Endpoint Protection and the Blue Coat ProxySG, which provided real-time threat awareness across the endpoint, network and cloud.
Symantec has posted a webinar with details on the WannaCry ransomware threat and how customers can protect themselves. To view the webinar, please visit Symantec’s website here.
“The WannaCry ransomware attack is the largest we’ve ever seen of its kind and we’re pleased to share that Symantec customers benefitted from multiple layers of protection even before it happened, through innovations and new capabilities in our Integrated Cyber Defense Platform,” said Mike Fey, president and chief operating officer at Symantec. “Our proactive network protection and advanced machine learning technologies provided real-time, zero-day, protection for all SEP and Norton customers when WannaCry was released last week. And, our Global Intelligence Network automatically shares WannaCry intelligence between Symantec endpoint, email and Blue Coat network products, providing full protection across all control points, including the cloud.”
Symantec Endpoint Protection and Norton customers are fully protected from WannacCry by multiple layers of advanced protection. This includes Symantec’s new advanced machine learning, proactive network exploit protection, SONAR behavioral protection, and the Intelligent Threat Cloud.
Customers of Symantec’s email service are also fully protected from WannaCry. The Skeptic and Link Following technologies available in Symantec Email Security.cloud provide additional proactive protection.
Through real-time sharing of Symantec and Blue Coat intelligence, all WannaCry samples blocked by Symantec Endpoint Protection are also automatically blocked for Blue Coat proxy customers.
Internet Security Threat Report: Ransomware Trends
Symantec’s Internet Security Threat Report (ISTR), Volume 22, provides a comprehensive view of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers. Ransomware continued to escalate as a global problem and a lucrative business for cyber criminals. In 2016, the average ransom per victim grew to $1,077, up from $294 in 2015 (a 266 percent increase).
Symantec recommends that all customers install the Windows security update MS17-010. Symantec Endpoint Management can be leveraged to efficiently distribute this and other patches and software updates across the enterprise. Symantec also strongly recommends that that Symantec Endpoint Protection customers verify that all SEP’s proactive technologies are turned on. Symantec’s advanced exploit prevention technology, included as part of the Intrusion Prevention System (IPS) capability, completely blocks all WannaCry infection attempts.