Friday, 12 May 2017 brought one of the most significant malware outbreaks the world has seen in the past few years. This ransomware, called WannaCry (and variations such as WCry and WannaCrypt0r 2.0), is able to spread from computer to computer inside enterprise or government networks, a significant change from how recent malware has behaved.
Forcepoint Web, Email and NGFW security products around the world were updated within hours and are already blocking the WannaCry malware from being downloaded.
WannaCry is a particularly virulent form of ransomware. In addition to encrypting files of the user who clicked on the email, it takes advantage of unpatched operating system vulnerabilities to actively spread from computer to computer, greatly expanding the reach of its attack. One way WannaCry gets in is through email that lures people into clicking on links to compromised sites that push malware onto their machines. Users should be reminded not to click on links from unknown sources.
Forcepoint Security Labs has an analysis of WannaCry and provides guidance on how you can stay protected. For additional general guidance on ransomware, please visit www.forcepoint.com/ransomware.