
Intercept X releasing any new updates for Wannacry ransomware

Dear Sophos

We have been using your product for about a year. Just learnt Wannacry ransomware spread on systems that were using Sophos. Have you got any plans to release updates for Intercept X?

 



This thread was automatically locked due to age.
  • Umm......

    if you look here:

    https://community.sophos.com/kb/en-us/126733

    I think Intercept X would have stopped it but Sophos AV & Endpoint wouldn't have until the updates were applied. To be fair, Sophos did come out with the update fairly quickly for the AV & endpoint.

    I also think there will be a flood of variants coming out very quickly with this as the scale of unpatched systems has been revealed and time is of the essence for these hackers/script kiddies to make the most of it before the windows (pardon the pun) close.

    The spread has been mitigated for now but the new variant will probably not succumb to such an easy halting of it.
    Problem is, with a new variant, AVs etc. have to wait for new signatures/definitions to catch it whereas an Intercept X product can catch it via its behavior without specific definitions.

    This is why our company will be investing in the endpoint exploitation plugin. It's something we were considering doing anyway but this episode has just brought it forward. Problem is, it's not cheap and I'm not sure of the cost for single/home users. Ultimately, I think AV vendors will just have to include it in their product as standard but that will be a little bit away I think and will only come into effect when one vendor releases a system that can and people start to jump ship.
