IMPORTANT SECURITY NOTICE: crypto-ransomware
Ransomware (or crypto-ransomware) is a $1 billion business that often evades traditional anti-malware. Learn what you’re up against and how to stop it. Our system of safeguards is proven to stop ransomware in its tracks, including all Wanna variants, by blocking the unauthorised encryption of files.
WannaCry ransomware: How it works and how to protect yourself
A significant number of organisations have been affected by a virulent new ransomware variant, Wanna, which is also known by a number of alias names including WanaCrypt0r.
We have a range of resources to help our partners stay protected from this attack. Please reach out if you think you need more protection for your team and your data from crypto-ransomware.
Ransomware attacks are usually launched via a “trojan” application, which enters a system through a downloaded file or a security vulnerability in a network service.
While operating system and networking companies regularly release updates to fix security flaws used by such trojan apps, many users fail to install the updates, leaving their machines and networks open to attack.
Sophos Intercept X, Sophos Exploit Prevention (EXP), and Sophos Server Protection Advanced customers have protected proactively against Wanna ransomware from the first instance. Watch Intercept X in action against Wanna.
What is Wanna Ransomware?
A new ransomware attack called ‘Wanna’ (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r, or Wanna Decrypt0r) is encrypting files and changing the extensions to:
.wncry and .wncrypt.
How does Wanna Ransomwear work?
The proven CryptoGuard capabilities in Sophos Intercept X block ransomware as soon as it starts trying to encrypt your files, returning data to its original state. Intercept X:
Protects endpoints from ransomware attacks
Automatically rolls back file changes with no data loss
Stops both local and remote file encryption