As you may know, on May 12, hackers launched a global ransomware campaign against tens of thousands of corporate and governmental targets. The ransomware encrypts files on an infected computer and asks the computer’s administrator to pay a ransom in order to regain access.
The ransomware attack is apparently spreading through a Microsoft Windows exploit called “EternalBlue,” for which Microsoft released a patch in March. That month, Fortinet released an initial IPS signature to detect vulnerabilities against MS17-10. This signature specifically looks for SMB type vulnerabilities. Earlier this week, Fortinet updated our IPS signature to further enhance detection. It appears this update detects the ransomware. Yesterday, we released an AV signature that detects and stops this attack. [Third-party testing has confirmed that Fortinet Anti-Virus and FortiSandbox are blocking the attacks.]
To learn more or if you have questions or concerns, please don’t hesitate to contact Digicorp, a premier partner of Fortinet and an asset to your business. We will stand with our customers during these malicious attacks. You can also find updates on the Fortinet Blog: https://blog.fortinet.com/2017/05/12/protecting-your-organization-from-the-wcry-ransomware