This weekend has been a nightmare for IT teams around the world as the WannaCryptor ransomware spread from PC to PC, demanding bitcoin.
For those that missed the news at the weekend here’s a quick primer. On Friday a security researcher discovered a new strain of ransomware that went on to take hold of England’s National Health Service.
The ransomware is known as WannaCryptor (or WannaCry) and this weekend it spread to around 150 countries infecting PCs running Windows. The infection was so bad Microsoft released a security patch for Windows XP, an operating system it stopped supporting in 2014.
The question now is, could the infection have been stopped?
In what can only be described as the coincidence to dwarf all other coincidences, Deon and I visited Cyberintelligent Systems on Friday to learn about the next-gen endpoint security software it distributes, called SentinelOne.
What SentinelOne does rather well is protect against ransomware. The firm is so sure of its product that it’s willing to pay $1 million per infected company or $1 000 per affected endpoint to attackers should it be unable to restore your files.
With the news this weekend we got to thinking: could SentinelOne have stopped WannaCry in its tracks? Failing that, could the software perform as claimed and reverse the effects of the ransomware?
Take a look at the video below to find out.
In the video, SentinelOne is set to Alert mode, which allows any program (including malicious ones) to run. As you can see, WannaCry is allowed to infect the target PC, but rather than paying up the $300 in bitcoin, the firm uses its software to roll the PC back to the state it was in before the infection.
Of course, prevention is better than cure, so take a look at how the software kills off WannaCry before it even has a chance to run in this second video.
We should point out that this would only work if the infected PC had SentinelOne installed before the ransomware infection.
What makes SentinelOne different from other security solutions is that it looks at how programs behave rather than comparing programs against a list of pre-existing hashes and signatures.
While these identification methods are used, the key to the solution's success is that it is able to identify new strains of malware that may not yet have been spotted in the wild.
SentinelOne is available online for home, small business and enterprise users, but be warned: a single license for home use on a single PC will cost you R1 095.
If that is out of your price range, we urge you to take a proactive approach to your security: avoid clicking unknown links or downloading files from suspicious websites or email contacts, and keep your software updated to the latest version.
[Image – CC BY 2.0 redjar]