Jaff and WannaCry Blocked with Advanced Ransomware Protection

By Adrien Gendre, Chief Solution Architect, VadeSecure

Ransomware, malware, and other types of cyberattacks have been making major headlines more and more often. Nearly all business sectors around the world are feeling the effects of these attacks.

Just last year, ransomware cost businesses $1 billion—and, of course, there are more than just monetary impacts. Ransomware can cause major damage to an enterprise’s reputation and can cost it a significant amount of operational time. Plus, less than half of organizations ever fully recover the data lost, whether they choose to pay the ransom or restore from a backup.

Since ransomware is constantly changing and evolving, it is difficult for standard email filtering systems to stay up to speed on all the latest threats. Unfortunately, this means that by the time a standard email filter recognizes a variant, it will have already claimed a few victims. This is why you need predictive ransomware protection and email security.

Ransomware that Shook the Globe

Back in early May, the world was bombarded with two different ransomware attacks. WannaCry and Jaff ransomware utilized exploit codes and slight ransomware variations to slip past standard email filters. Both malicious programs affected multiple countries and impacted businesses worldwide.

WannaCry ransomware was the malware that garnered most of the media’s attention. It took advantage of NSA exploit codes that had been revealed by a known hacker group a few weeks prior. It propagated as a worm, taking advantage of a vulnerability in unpatched SMB v1 (Server Message Block). This feature allows companies to share printers and files over a network, which is one of the reasons the attack spread so quickly. It forced many businesses to halt operations, including hospitals that were forced to cancel surgeries and turn away ER patients. Shortly after this ransomware was discovered, it was estimated that it had infected 210,000 machines in 99 different countries.

Jaff ransomware was first detected by Vade Secure on May 11. This Locky ransomware variant was delivered via a booby-trapped attachment. Users received a .docm file embedded within a PDF. Once users opened the PDF, macros within the .docm file began automatically downloading the payload and encrypting files. Within just 48 of this variant's discovery, our advanced email security filters had blocked over 630,000 emails that contained the ransomware. Unfortunately, the slight variation meant that standard email filters were initially unable to detect the attack, allowing it to spread quickly.
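As an added illustration (not Vade Secure's filter or code from this article), here is a minimal Python triage check for the delivery pattern described above: a PDF attachment whose file specifications name a macro-enabled Office document. The function names, extension list and sample bytes are assumptions constructed for this example, and it generalizes slightly beyond .docm to other macro-enabled extensions.

```python
import re
import zlib

# Macro-enabled Office extensions worth flagging when named inside a PDF.
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".ppsm")

# Stream bodies: Flate-compressed object streams can hide file
# specifications from a scan of the raw bytes.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
# /F or /UF entry of a file specification, literal-string form only.
NAME_RE = re.compile(rb"/U?F\s*\(((?:\\.|[^\\()])*)\)")


def _searchable(pdf: bytes) -> bytes:
    """Return the raw bytes plus every stream that inflates cleanly."""
    parts = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate, or encrypted: out of scope for this check
    return b"\n".join(parts)


def macro_doc_filespecs(pdf: bytes) -> list[str]:
    """List macro-enabled Office file names referenced by the PDF."""
    found = []
    for m in NAME_RE.finditer(_searchable(pdf)):
        # Undo simple backslash escapes; octal escapes are not handled.
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1))
        if raw.startswith(b"\xfe\xff"):  # UTF-16BE text string with BOM
            name = raw[2:].decode("utf-16-be", "replace")
        else:
            name = raw.decode("latin-1")
        if name.lower().endswith(MACRO_EXTS) and name not in found:
            found.append(name)
    return found


# Constructed sample: a PDF fragment carrying an embedded "invoice.docm".
SAMPLE_PDF = (
    b"%PDF-1.5\n1 0 obj\n"
    b"<< /Type /Filespec /F (invoice.docm) /EF << /F 2 0 R >> >>\nendobj\n"
    b"2 0 obj\n<< /Type /EmbeddedFile /Length 4 >>\n"
    b"stream\nPK\x03\x04\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(macro_doc_filespecs(SAMPLE_PDF))
```

A hit is a reason to quarantine or detonate the attachment, not a verdict; names written as hex strings or inside encrypted PDFs are missed by this check.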

Our Predictive Email Security: Every email undergoes eight layers of analysis, which allows us to find both known and unknown threats. Our approach also helps us detect other types of cyber threats such as time-bombed URLs or spear phishing attempts that may not include obvious malicious signatures.

Our predictive email security filters are backed by our virtuous cycle that takes into account both global and local threat data to determine email safety.

The Vade Secure Virtuous Circle: Our dominant ISP/ESP presence provides us with a massive data set that feeds our global threat center. This virtuous feedback loop helps ensure all emails are safe by comparing them with global and local threat data.

We have blocked every variant of Locky and CryptoLocker that has ever been found, with a success rate approaching 100%.

Our technology allows us to defend against all types of cyber threats including:

Want to learn more about how Vade Secure can protect your organization with advanced email security? Meet us at OX Summit in Bruxelles, contact us or call us at 415-745-3630.