This technical advisory contains critical information on how ForeScout customers can use CounterACT to mitigate the WannaCrypt/WannaCry ransomware attack.
The WannCrypt/WannaCry ransomware attack has impacted organizations worldwide and infected hundreds of thousands of Windows computers. Although the initial version of the attack was shut down by a “kill switch”, experts warn that variants of the ransomware without the kill switch could launch a second wave of infections.
How does ForeScout help protect customers from the WannaCrypt ransomware?
First, ForeScout customers that use the “Windows Update Compliance” policy template within ForeScout CounterACT®, and initiate Windows update on non-compliant endpoints to keep them up-to-date, are already protected from this cyberattack on Microsoft supported Windows versions.
The WannaCrypt ransomware uses an SMB vulnerability as one of the infection vectors to propagate itself and Microsoft published patches to resolve this vulnerability for supported Windows versions on March 14, 2017 (Microsoft Security Bulletin MS17-010). The CounterACT HPS vulnerability DB 17.0.3, released on March 20, 2017, includes this vulnerability update.
In addition, due to the global impact of this threat, ForeScout is releasing security policy templates that help customers quickly identify and mitigate WannaCrypt ransomware in their environments. These policy templates are being made available via a new CounterACT content plugin called “Security Policy Templates”
The Security Policy Templates content plugin v17.0.5 includes templates to identify:
- WannaCrypt vulnerable endpoints
- WannaCrypt infected endpoints
Customers can create policies using these templates and add actions to mitigate the risk from vulnerable and infected endpoints. These templates also include support for Windows versions that are no longer officially supported by Microsoft – Windows XP, Windows 8 and Windows Server 2013.
The CounterACT Security Policy Templates content plugin is available to all ForeScout customers with valid ActiveCare Maintenance and Support contracts. Customers can download the content plugin and documentation from updates.forescout.com.
For more details and instructions, please login to the support portal and search for Article #4388 under the Knowledgebase section. To log into the support portal, please have your credentials ready and click here: https://www.forescout.com/support/login/
For More Information:
For any questions, customers can contact ForeScout Customer Care at www.forescout.com/support.
THIS ALERT IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION IN THIS ALERT OR MATERIALS LINKED FROM THIS ALERT IS AT YOUR OWN RISK. FORESCOUT RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ALERT AT ANY TIME.
ForeScout Confidential and Proprietary
This Alert may contain ForeScout proprietary and confidential information and must be protected by the recipient accordingly. The information in this Alert is not meant for general dissemination and may only be used by the recipient in connection with the services reflected in this Alert. Any unauthorized use or dissemination of this Alert in whole or in part is strictly forbidden.
© 2017. ForeScout Technologies, Inc. is a privately held Delaware corporation. ForeScout, the ForeScout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT (as applicable) are trademarks or registered trademarks of ForeScout. Other names mentioned may be trademarks of their respective owners.