Notice

Title Date
WannaCry ransomware massively attacks computer systems all over the world
[Image: WannaCry infection map]

A new ransomware strain named WannaCry (aka WannaDecryptor, aka WannaCryptor, aka WanaCypt0r, aka WCry) has infected more than 57,000 computers in 74 countries around the world so far. According to Avast malware researcher Jakub Kroustek, most of the detections are coming from Russia, Ukraine, India and Taiwan.

[Image: WannaCry attack distribution]

Kaspersky Lab forum users report that the WannaCry ransomware managed to infiltrate the internal computer systems of the Ministry of Internal Affairs of Russia and the Investigative Committee of Russia. “It first appeared in February 2017, but now it’s updated and looks different than previous versions”, said one of the Kaspersky Lab forum users.

Spain’s Computer Emergency Response Team CCN-CERT also posted an alert on its site about a wide-scale ransomware attack affecting a few Spanish organizations. The National Health Service (NHS) in the U.K. also issued an alert and confirmed infections at 16 medical institutions.

The WannaCry attacks are initiated using an SMBv2 remote code execution vulnerability in Microsoft Windows. The EternalBlue exploit was made publicly available through the Shadowbrokers dump on April 14th, 2017, and the vulnerability was patched by Microsoft on March 14. However, many companies and public organizations have not yet installed the patch on their systems.

The ransomware encrypts the files and also drops multiple ransom notes in different languages. WannaCry demands a payment of $300 to a Bitcoin wallet. It displays a countdown timer warning that the payment amount will be raised after 3 days and that the victim will completely lose their personal files after 7 days.

[Image: WannaCry ransom demand]

The ransomware also changes the victim’s wallpaper to show instructions on how to pay the ransom and how to get the decryptor tool.

[Image: WannaCry ransom note]

The transaction statistics of the Bitcoin wallets used by WannaCry's creators show that some of the victims have already paid the ransom.

The file extensions targeted by the WannaCry ransomware include:
  • Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
  • Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
  • Emails and email databases (.eml, .msg, .ost, .pst, .edb).
  • Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
  • Developers’ source code and project files (.php, .java, .cpp, .pas, .asm).
  • Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
  • Graphic designers’, artists’ and photographers’ files (.vsd, .odg, .raw, .nef, .svg, .psd).
  • Virtual machine files (.vmx, .vmdk, .vdi).

How to Prevent WannaCry infection?
1. Make sure that all hosts have endpoint anti-malware solutions enabled.
2. Install the official Windows patch (MS17-010), which closes the SMB Server vulnerability used in this ransomware attack.
3. Scan all systems. After detecting the malware attack as MEM:Trojan.Win64.EquationDrug.gen, reboot the system. Make sure the MS17-010 patches are installed.
4. Back up all important data to an external hard drive or cloud storage service.

[Source: MalwareLess, May 12, 2017, https://malwareless.com/wannacry-ransomware-massively-attacks-computer-systems-world]

A more obvious defense is to install Zombie ZERO, which defends against new ransomware based on behavior. Zombie ZERO can defend against a second WannaCry, and against new and variant ransomware, without signatures. Existing antivirus products cannot prevent the next WannaCry, a new malware. For more information, please call +82-2-1544-5317 or visit www.npcore.com.

Go to Ransomware Response Solution on Endpoint: ZombieZERO EDR for Ransomware
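
A backup-coverage check that ties the targeted-extension list above to step 4 (back up important data): it reports which at-risk files have no backup copy, or only a stale one. This is an added example, not code from the original notice or from NPCore; the function names, category labels, mirrored backup layout and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

TARGETED = {  # categories and extensions as listed in this notice
    "office": {".ppt", ".doc", ".docx", ".xlsx", ".sxi"},
    "archive/media": {".zip", ".rar", ".tar", ".bz2", ".mp4", ".mkv"},
    "email": {".eml", ".msg", ".ost", ".pst", ".edb"},
    "database": {".sql", ".accdb", ".mdb", ".dbf", ".odb", ".myd"},
    "source": {".php", ".java", ".cpp", ".pas", ".asm"},
    "keys/certs": {".key", ".pfx", ".pem", ".p12", ".csr", ".gpg", ".aes"},
    "graphics": {".vsd", ".odg", ".raw", ".nef", ".svg", ".psd"},
    "vm": {".vmx", ".vmdk", ".vdi"},
}
EXT_TO_CATEGORY = {ext: cat for cat, exts in TARGETED.items() for ext in exts}

def audit_backup(source_root, backup_root):
    """Map category -> targeted files lacking a backup at least as new as the source."""
    gaps = {}
    for dirpath, _dirs, names in os.walk(source_root):
        for src in (Path(dirpath, n) for n in names):
            category = EXT_TO_CATEGORY.get(src.suffix.lower())  # .DOCX matches .docx
            if category is None:
                continue
            rel = src.relative_to(source_root)
            copy = Path(backup_root) / rel  # assumption: backup mirrors the source layout
            try:
                covered = copy.is_file() and copy.stat().st_mtime >= src.stat().st_mtime
            except OSError:  # unreadable: report it rather than assume it is safe
                covered = False
            if not covered:
                gaps.setdefault(category, []).append(rel.as_posix())
    return {cat: sorted(paths) for cat, paths in gaps.items()}

def demo():
    """Audit a constructed tree: one current backup, one missing, one stale."""
    base = 1_500_000_000  # constructed mtime (epoch seconds)
    files = [("src/report.DOCX", base), ("bak/report.DOCX", base + 60),
             ("src/db/customers.mdb", base), ("src/notes.txt", base),
             ("src/keys/server.pem", base), ("bak/keys/server.pem", base - 60)]
    with tempfile.TemporaryDirectory() as tmp:
        for rel, mtime in files:
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
            os.utime(path, (mtime, mtime))
        return audit_backup(Path(tmp, "src"), Path(tmp, "bak"))

if __name__ == "__main__":
    print(demo())
```

Point `audit_backup` at a real data directory and its backup mirror; an empty result means every file of a listed type has a backup at least as recent as the original.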
2017.05.14

NPCore participated in the 'ISEC 2016' and demonstrated the APT defense solution

Author: admin
Date: 2016-09-02 00:00
Views: 100
NPCore participated in 'The 10th ISEC 2016' (Information Security Conference), held at COEX on Aug. 30, where it unveiled and demonstrated 'ZombieZERO', its two-level defense solution against APT and ransomware.

As concern about cyber attacks grows following Interpark's personal data exfiltration and the rise in ransomware damage, security awareness among public agencies and enterprises is strengthening. Many industry insiders therefore attended the demonstration of NPCore's latest solution.

Han, NPCore's CEO, said that when existing anti-virus software based on pattern detection/analysis/treatment is attacked by new malware, measures are possible only after the zero-day (damaged interval), which is the limitation of anti-virus software, while ZombieZERO can detect/analyze/treat new malware attacks in real time based on pattern and behavior.

ZombieZERO, the two-level APT defense solution, is installed at the I/O driver level, which is technically difficult; this prevents conflicts with external programs, does not affect program operation, and ensures system stability. Competitors run their solutions separately by use, so customers must purchase each of them, but 'Zombie ZERO' operates with only one piece of equipment, which makes it competitive in management efficiency and cost savings.
In particular, Zombie ZERO has price competitiveness of 30% in comparison with foreign products and roughly 15% in comparison with domestic products, so demand is increasing. It also has advantages such as customizing and A/S, CC certification of NIS, and Korean support compared to foreign products, so Zombie ZERO's market share is expected to expand.

On August 31, the last day of the conference, NPCore's officer Kwon delivered a speech on 'Ransomware response and methods through behavior-based detection'. It covered the hottest issue, the ransomware blocking function, and included real-time Q&A using Facebook. After the speech, he showed a ransomware blocking video and demonstration at the exhibition booth, which drew a strong reaction from visitors.

Besides ZombieZERO, NPCore introduced three newly launched solutions at the booth: ▲ 'ZombieZERO Virtual Appliance', which implements ZombieZERO Inspector's functions as a software-only version ▲ 'TERRACE MAIL Security', an integrated mail security product for proactive response to email APT attacks ▲ 'RansomZERO', which combines 3 defense technologies such as behavior-based detection/defense technology and real-time backup technology. They drew the attention of visitors.

Meanwhile, during the '10th International Cyber Security Conference', more than 300 people from government agencies and companies visited NPCore's booth. NPCore held detailed consultations about ZombieZERO with more than 40 companies, including more than 30 government agencies, and achieved strong business results.