CrowdStrike Falcon Prevents WannaCry Ransomware
CrowdStrike Falcon Intelligence™ identified a new variant of Windows ransomware, named Wana or WannaCry, that is rapidly spreading across multiple countries and was widely reported as an attack on England’s National Health Service (NHS). WannaCry ransomware is believed to have already caused a significant number of infections from a campaign that began on May 12, 2017.
CrowdStrike Falcon’s advanced endpoint protection offers next-gen antivirus that incorporates machine learning augmented with behavioral analysis that looks for indicators of attack (IOAs) — detecting suspicious behavior before an attack occurs. These prevention features will block the WannaCry ransomware and keep it from executing and encrypting the target organization's data.
Additional Resources for WannaCry and Other Ransomware:
- Whitepaper: Ransomware - A Growing Enterprise Threat
- Blog: Falcon Intelligence Report: Wanna Ransomware Spreads Rapidly; CrowdStrike Falcon Prevents the Attack
- Demo: How To Stop Ransomware with CrowdStrike Falcon Endpoint Protection
- CrowdCast: Is Ransomware Morphing Beyond The Ability of Standard Approaches to Stop It?
CrowdStrike Falcon™ and Ransomware
Cloud-delivered endpoint protection that stops online extortion
Ransomware is not new, but its exponential growth curve has made it a pervasive threat to end users. This extortion-based category of cybercrime uses encryption to block access to select files on a compromised endpoint. In most cases, the only way to retrieve the encrypted files is to restore from a pre-existing backup or pay a ransom, which can vary from a few hundred up to a few thousand dollars, depending on the victim’s size and ability to pay. Ransomware prevention represents a significant security challenge because ransomware evolves constantly as cyber criminals refine their tools, techniques, and procedures.
How Ransomware Protection from CrowdStrike Works
Because attackers can and will shift their techniques, CrowdStrike’s next-generation endpoint protection solution, CrowdStrike Falcon, uses an array of complementary prevention and detection methods:
- Detect & Block known Ransomware
- Exploit blocking to stop the execution and spread of ransomware via unpatched vulnerabilities
- Machine learning for detection of previously unknown “zero-day” ransomware attacks
- Indicators of Attacks (IOAs) to identify and block additional unknown ransomware, and protect against new categories of ransomware that do not use files to encrypt victim systems
CrowdStrike Falcon uniquely combines these powerful methods into an integrated approach that protects endpoints more effectively against the menace of ransomware. This protection spans known and unknown ransomware -- and even prevents “file-less” ransomware that is invisible to conventional malware-centric defenses.
Continuously Improving Ransomware Protection
Close collaboration between CrowdStrike’s detections, Falcon Overwatch and Falcon Intelligence teams provides you with continuous updates, including newly created Indicators of Attack (IOAs) and machine-learning algorithms that reflect and anticipate evolving ransomware techniques. This unique set of capabilities allows Falcon defenses to stay relevant against ransomware, even when attackers change their methods.