SoftControl SysWatch Provides Reliable Protection against WannaCry and Petya Ransomware

People all over the world have suffered from the WannaCry and Petya ransomware. The attack is hitting major infrastructure in the countries where it has spread and has also affected companies ranging from Danish shipping giant Maersk to the British advertising company WPP. The damage has not yet been estimated, but the figure will run to many digits. The question is: are there measures that prevent infection of a computer and guarantee trouble-free operation of the information system?


The easiest way is not to open attached files and not to click on links in emails. Each company needs to train its employees in the rules of "information hygiene". But phishing emails can look very convincing, and the fear of opening the wrong email can slow down business processes. In this case, companies need additional protection: something more effective than antivirus software, which in such cases does not work.


SoftControl SysWatch is an application that is installed on the device. It has an antivirus component, but its main functionality is based on whitelisting: only processes from the approved list are allowed to run. Even if hackers exploit vulnerabilities in systems and applications, SysWatch monitors the system privileges of processes, limits activity scenarios and protects the process buffer from external influences.


Unlike antivirus products, SysWatch does not depend on regular updates. It allows companies to protect the endpoints of the corporate network from all kinds of malicious software and application vulnerabilities, including zero-day threats and unique malicious code written specially for one attack, which does not become widespread and so does not get into antivirus databases.


How SysWatch protects from WannaCry and Petya


Both ransomware variants have a similar structure: penetration and encryption. MalwareHunterTeam specialists found that the Petya loader is supplied with a second encryption malware called Misha. One WannaCry study showed that an initial file, "mssecsvc.exe", drops and executes "tasksche.exe". The file tasksche.exe checks for disk drives, including network shares, and encrypts these using 2048-bit RSA encryption. While the files are being encrypted, the malware creates a new directory, 'Tor/', into which it drops tor.exe and nine DLL files used by tor.exe. Additionally, it drops two further files: taskdl.exe and taskse.exe. The former deletes temporary files, while the latter launches @wanadecryptor@.exe to display the ransom note on the desktop to the end user. @wanadecryptor@.exe is not in and of itself the ransomware, only the ransom note. And this is only one of several scenarios for the malware's operation.


SoftControl SysWatch:


  1. Blocks any processes that are not included in the approved list.
  2. Recognizes the disguise of a malicious program as a trusted program.
  3. Allows restricting the directories from which programs may run and blocking unauthorized attempts to modify or create files and processes.
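
A minimal sketch of the three checks listed above, as an added example; it is not SysWatch code and does not reflect how the product is implemented. The policy, paths, file contents and function names are constructed for illustration; only the file name tasksche.exe is taken from the WannaCry description above.

```python
import hashlib
from pathlib import PureWindowsPath

# Constructed stand-ins for file contents (not real binaries).
TRUSTED_NOTEPAD = b"constructed bytes of an approved notepad.exe"
UNKNOWN_BINARY = b"constructed bytes of an unapproved binary"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical policy: approved name -> expected hash, plus directories
# from which programs are allowed to start.
APPROVED = {"notepad.exe": sha256(TRUSTED_NOTEPAD)}
EXEC_DIRS = [PureWindowsPath(r"C:\Windows\System32"),
             PureWindowsPath(r"C:\Program Files")]

def decide(path: str, content: bytes) -> str:
    """Return 'allow' or a 'block:<reason>' verdict for a process start."""
    p = PureWindowsPath(path)
    # Item 3: only launch from permitted directories; refuse '..' so a
    # path cannot claim an allowed prefix and then step out of it.
    if ".." in p.parts or not any(d in p.parents for d in EXEC_DIRS):
        return "block:directory"
    expected = APPROVED.get(p.name.lower())
    # Item 1: anything absent from the approved list is blocked.
    if expected is None:
        return "block:not-approved"
    # Item 2: a trusted name with different content is a disguise.
    if sha256(content) != expected:
        return "block:masquerade"
    return "allow"

# Constructed process-start events: (path, file content).
EVENTS = [
    (r"C:\Windows\System32\notepad.exe", TRUSTED_NOTEPAD),
    (r"C:\Windows\System32\tasksche.exe", UNKNOWN_BINARY),
    (r"C:\Windows\System32\NOTEPAD.EXE", UNKNOWN_BINARY),
    (r"C:\Users\Public\notepad.exe", TRUSTED_NOTEPAD),
    (r"C:\Program Files\..\Users\Public\notepad.exe", TRUSTED_NOTEPAD),
]

if __name__ == "__main__":
    for path, content in EVENTS:
        print(f"{decide(path, content):20} {path}")
```

The verdict depends on the file's hash and location, not on a signature database, which is why an unknown binary is blocked without any prior knowledge of it.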

Currently SysWatch is installed on more than 500 thousand devices in 24 countries, and none of them has been subjected to the destructive influence of the malware.


June 28, 2017


SafenSoft, 2004-2017. All rights are reserved.