How to protect your business against Ransomware



F-Secure Labs has been warning about the exponential growth of ransomware. Crypto-ransomware called WannaCry, WCry, WannaCrypt, or the like — which exploded across the globe on Friday — unfortunately proves the predictions right. Multiple organizations have been hit, and infected users are unable to use their machines unless they pay a ransom in Bitcoin.

Here’s our Labs’ description of what we know and don’t know about WannaCrypt so far.
For more information about this removal tool, go to Online Scanner.
Short recap

WannaCrypt ransomware, also known as WanaCrypt, WannaCry, or Wcry, has exploded across 60+ countries, infecting hospitals, businesses, metro stations, universities, operators, and other organizations. F-Secure analysts are following developments closely.

WannaCrypt is delivered to vulnerable Windows endpoints by a Trojan that spreads within networks by exploiting a vulnerability in Microsoft's SMB file-sharing services. More specifically, it exploits a bug designated CVE-2017-0145 or MS17-010, which Microsoft patched in March for modern versions of Windows and today for legacy versions. All unpatched systems remain vulnerable and can therefore be attacked.
How do we protect our customers against WannaCry?

To cut to the chase, F-Secure products block WannaCry ransomware. Our endpoint products proactively block all in-the-wild samples of the WannaCry ransomware. F-Secure's vulnerability management product flags the vulnerabilities it uses for remediation.

We have detected the ransomware since its inception, meaning that protection was available to all F-Secure endpoint customers before the outbreak. F-Secure endpoint products offer protection against WannaCrypt on three layers, so the attack can be stopped at multiple points in the attack chain.
1.   F-Secure’s integrated patch management feature, Software Updater, prevents WannaCrypt from exploiting the EternalBlue vulnerability by automatically deploying the related security patches.
2.   F-Secure’s DeepGuard functionality provides host-based behavioral analysis and exploit interception that blocks WannaCrypt.
3.   F-Secure’s Firewall prevents WannaCrypt from spreading laterally in the environment and encrypting files.

F-Secure’s vulnerability manager, F-Secure Radar, flags the missing Microsoft security patch and the vulnerable port 445 for immediate action by IT administrators, which gave them ample time to fix the vulnerabilities before the outbreak.

What should you do?
1.   Ensure DeepGuard and real-time protection are turned on on all your corporate endpoints.
2.   Identify endpoints without the Microsoft-issued patch (4013389) with Software Updater or another available tool.
3.   Patch them immediately with Software Updater or other available tools.
     - If you are unable to patch immediately, we recommend disabling SMBv1 with the steps documented in Microsoft Knowledge Base Article 2696547 in order to reduce the attack surface.
4.   Configure the firewall to properly block traffic.
     - Block 445 inbound to all internal and internet-facing Windows systems to prevent workstations from getting infected.
     - Block 445 outbound from servers to prevent the servers from spreading WannaCrypt within the environment.
     - Alternatively, you can set F-Secure Firewall policy to its highest setting, which has predefined rules to block the attack.
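
The SMBv1 and port 445 mitigations in steps 3 and 4 can be checked and applied per host with the built-in Windows cmdlets. The PowerShell below is an added example, not F-Secure's or Microsoft's code; the -Role parameter and the firewall rule names are constructed for illustration, and it assumes Windows 8 / Server 2012 or later.

```powershell
# Added example. Run elevated on Windows 8 / Server 2012 or later.
# -Role and the rule names are constructed for this example.
param(
    [Parameter(Mandatory)][ValidateSet('Workstation', 'Server')][string]$Role,
    [switch]$Remediate
)

# Workstations: block inbound 445. Servers: block outbound 445.
if ($Role -eq 'Workstation') {
    $rule = @{ DisplayName = 'Example - Block SMB 445 inbound'
               Direction = 'Inbound';  LocalPort = 445 }
} else {
    $rule = @{ DisplayName = 'Example - Block SMB 445 outbound'
               Direction = 'Outbound'; RemotePort = 445 }
}

function Test-BlockRule([string]$Name) {
    # Only sees a rule with this display name; a GPO or third-party
    # firewall may already block the port under another name.
    $found = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }
    return [bool]$found
}

function Get-SmbExposure {
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Role         = $Role
        Smb1Enabled  = (Get-SmbServerConfiguration).EnableSMB1Protocol
        Port445Rule  = Test-BlockRule $rule.DisplayName
    }
}

$before = Get-SmbExposure
$before

if ($Remediate) {
    if ($before.Smb1Enabled) {
        # Server-side SMBv1 switch from KB 2696547.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if (-not $before.Port445Rule) {
        New-NetFirewallRule @rule -Protocol TCP -Action Block | Out-Null
    }
    Get-SmbExposure   # state after the change
}
```

Without -Remediate the script only reports. Blocking 445 inbound stops a host from serving file shares, so use the Workstation role only on machines that do not host shares.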

See also the 'How to protect your business against ransomware' and 'How to remove ransomware' sections of this site for more practical advice and F-Secure solutions against ransomware.


F-Secure’s multi-layered approach to security comprises the following modules, each designed to address a particular aspect of the threat landscape and to work together to provide a complete solution. An additional layer is the F-Secure Security Cloud, a cloud-based digital threat analysis system operated by F-Secure Corporation. Read more about F-Secure DeepGuard in the DeepGuard whitepaper: https://www.f-secure.com/documents/996508/1030745/deepguard_whitepaper.pdf



Business Suite is an on-premise business security solution with advanced security management features suitable for businesses of all sizes with demanding high security requirements.

Much more than just anti-virus protection, Business Suite is a complete protection package that secures everything from gateway to endpoints against known vulnerabilities and emerging 0-day threats.



Protection Service for Business is a cloud service that solves challenging security and management needs, without significant maintenance or management. It's designed to secure a large variety of endpoints, both at the office and on the go.

It's a solution that provides outstanding security for all devices, including Windows and Mac computers, iOS and Android smartphones and a large variety of server platforms.



Rapid Detection Service is a managed all-in-one service that detects and responds to advanced attacks. We combine best-in-class cyber security experts, threat intelligence and the latest technologies for 24/7 advanced threat protection. When we detect an attack, you'll know about it – in less than 30 minutes.
