On May 2017, a vicious ransomware known as WannaCry has swept the world with its infection among Microsoft Window computers. The attack targets a security loophole called EternalBlue which was developed by US National Security Agency (NSA) and infiltrates into users system. Once the hacking process is complete, the attack will immediately encrypt all data in the users’ systems and demand a 300-500 bitcoin ransom to unlock.
What makes this ransomware so deadly is the speed of its infection. WannaCry’s outbreak was first discovered in London on May 12th, and up to now (May 18) reports have shown that more than 200,000 computers were infected across 150 countries. Countries in Europe, especially the United Kingdom, have suffered the most severe damages with hospitals and organizations shutting down due to the attack. With the victim numbers still escalating, WannaCry is seen as the most destructive cyber-attack in the past few years.
In order to defend against the attack, understanding WannaCry’s attacking traits and behaviors is the first fundamental step. GenieATM is a flow-based traffic analysis solution that is designed to deliver real-time traffic analysis and security protection for internet service providers. The system is equipped with a real-time profiler to analyze traffic behavior. When suspicious traffic is detected, GenieATM cross-matches its signatures with GenieATM inbuilt anomaly database and send out alarms to timely notify network operators. In this WannaCry incident, GenieATM monitors the service provider’s whole network infrastructure for the Server Message Block (SMB) protocol traffic, which is used by WannaCry to launch its infection. GenieATM can also alert on the anomaly SMB traffic rate deviating from its normal traffic rate. In addition to the monitoring and alerting, GenieATM also provides full attribute reports of WannaCry to offer users the insights on the attack spreading, and hence can take the right action of defending the attack. To date, several China’s top-tier ISPs have reported that GenieATM has effectively helped them to define WannaCry’s attacks.
“Service providers nowadays are facing difficult times and should always be equipped with the most cutting edge security appliances in case of fatal crisis like WannaCry.” says Denis Miu, CEO of Genie Networks. “We take pride in knowing that our GenieATM has successfully helped our customers defend against the attack. This (Protecting the network infrastructure) is what we do and what we are good at.”
