Success Stories

GenieATM helps service providers effectively monitor and alert on WannaCry attacks

2017.05.19

On May 2017, a vicious ransomware known as WannaCry has swept the world with its infection among Microsoft Window computers. The attack targets a security loophole called EternalBlue which was developed by US National Security Agency (NSA) and infiltrates into users system. Once the hacking process is complete, the attack will immediately encrypt all data in the users’ systems and demand a 300-500 bitcoin ransom to unlock.

 

 

 

 

 

What makes this ransomware so deadly is the speed of its infection. WannaCry’s outbreak was first discovered in London on May 12th, and up to now (May 18) reports have shown that more than 200,000 computers were infected across 150 countries. Countries in Europe, especially the United Kingdom, have suffered the most severe damages with hospitals and organizations shutting down due to the attack. With the victim numbers still escalating, WannaCry is seen as the most destructive cyber-attack in the past few years.

 

 

In order to defend against the attack, understanding WannaCry’s attacking traits and behaviors is the first fundamental step. GenieATM is a flow-based traffic analysis solution that is designed to deliver real-time traffic analysis and security protection for internet service providers. The system is equipped with a real-time profiler to analyze traffic behavior. When suspicious traffic is detected, GenieATM cross-matches its signatures with GenieATM inbuilt anomaly database and send out alarms to timely notify network operators. In this WannaCry incident, GenieATM monitors the service provider’s whole network infrastructure for the Server Message Block (SMB) protocol traffic, which is used by WannaCry to launch its infection. GenieATM can also alert on the anomaly SMB traffic rate deviating from its normal traffic rate. In addition to the monitoring and alerting, GenieATM also provides full attribute reports of WannaCry to offer users the insights on the attack spreading, and hence can take the right action of defending the attack. To date, several China’s top-tier ISPs have reported that GenieATM has effectively helped them to define WannaCry’s attacks.

 

 

“Service providers nowadays are facing difficult times and should always be equipped with the most cutting edge security appliances in case of fatal crisis like WannaCry.” says Denis Miu, CEO of Genie Networks. “We take pride in knowing that our GenieATM has successfully helped our customers defend against the attack. This (Protecting the network infrastructure) is what we do and what we are good at.”

RELATED
Success Stories
2018.12.17
TransIP Adopts GenieATM for DDoS Protection and Mitigation
Throughout the years, Genie Networks has set foot in the Dutch market for DDoS security and traffic analysis and helped numerous Dutch ISPs and web hosting companies secure their backbone network infrastructure and their customers’ networks. To add...
Success Stories
2018.11.22
Genie Supported Telin in an Annual IMF event 2018
Telin, a subsidiary of Telkom, the largest telecommunication service provider in Indonesia, adopted Genie Network’s traffic analysis and DDoS attack solution to ensure network stability and security for the 2018 Annual Meeting of the International ...
Success Stories
2018.06.26
Akon Technologies and Genie Networks protect VEON customers against DDoS attacks during World Cup 2018.
Genie Networks, a technology leader in traffic visibility and Distributed Denial of Service (DDoS) protection, will provide the technology against DDoS attacks for Russian telecommunications leader VEON during the World Cup. One of the priorities ...