WannaCry Ransomware: How Accellion Can Limit the Impact of an Infection, and Speed Recovery

Posted by Izak Bovee

Unless you’ve been living under a rock, you’re familiar with the WannaCry ransomware attack that was launched recently.

On the off chance you have been living under a rock, let’s get you caught up: an exploit identified by the NSA, and later compromised by hackers, was leveraged to launch a cyberattack earlier this month, infecting over 200,000 endpoints in over 150 countries with ransomware. WannaCry encrypts files on vulnerable computers that run older operating systems and are missing critical patches, and then demands $300 to $600 in ransom, payable in bitcoin.

There are a number of defenses readily available to organizations that reduce the risk of ransomware like WannaCry and other malware compromising an organization’s network:

  • Use a current operating system that includes the latest security features (or install patches available for older operating systems)
  • Exercise extreme caution when opening attachments, particularly .zip files
  • Deploy an anti-virus and/or sandboxing solution that scans, flags and blocks infected files from reaching users or executing

In light of the WannaCry epidemic, we wanted to let our customers know that content stored within Accellion’s solutions is protected from ransomware, including WannaCry. Furthermore, we wanted to highlight the ways kiteworks can help limit the impact if a system on your network does get infected with ransomware.

Accellion’s solutions are built on a hardened virtual appliance, significantly reducing the number of entry points and all but eliminating the likelihood of a malware attack.

Limiting Reach of Ransomware to Shared Content

While the encryption of files stored on an individual system can disrupt productivity, in many cases leaving no option other than to reimage the machine, there is greater impact when shared network storage attached to an infected machine is encrypted. In these cases, entire departments can lose content, including potential backup files if they were mapped to the compromised machine.

Ransomware relies on the ability to open the file, modify it and replace the file with an encrypted copy, and with mapped drives any shared content could be rendered unreadable. Accellion provides a secure access layer for enterprise content, wherever it resides. The WannaCry worm is unable to spread via the Accellion system, and fileshares based on the Common Internet File System (CIFS) accessed through kiteworks are protected even if accessed from an infected machine.

Accelerating Time to Recovery

Without paying the ransom, there is little one can do to recover files that were stored only locally on the infected system. Modern ransomware is particularly crafty: it deletes shadow copies of files and removes other methods available to restore lost files.

For users who utilize kiteworks to store their business-critical files, or even copies of their local content for collaboration purposes or simple mobile access, the process of recovery is significantly easier and faster. If files are not kept on individual systems or on network share drives, but instead are accessed through kiteworks, once the infected system is restored to a clean state, any files stored using Accellion can be safely accessed by, or copied back to, the user’s machine. This will allow ongoing operations to continue, and faster recovery than restoring from backup (without paying a ransom).

Even if a user does expose their organization's network to a ransomware virus, and then uploads or syncs an encrypted file through Accellion, the customer can revert to a previous, unencrypted copy of the file (as long as the customer has not disabled the file versioning capability, which is on by default).
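The rollback described above depends on knowing which stored version is the last good one. The following is an added example, not Accellion or kiteworks code: it picks the newest version of a file that does not look encrypted, using byte entropy as the signal. The in-memory version history, the function names and the 7.5 bits-per-byte cut-off are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, tune per file type


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def last_clean_version(history):
    """history: list of (version_number, content) tuples, oldest first.

    Returns the newest version number whose content does not look encrypted,
    or None if every stored version is at or above the limit.
    """
    for number, content in reversed(history):
        if shannon_entropy(content) < ENTROPY_LIMIT:
            return number
    return None


def pseudo_ciphertext(length: int) -> bytes:
    """Constructed stand-in for an encrypted upload: a SHA-256 counter stream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


# Constructed sample history for one document (not real data).
report_v1 = b"Q1 revenue summary: totals by region and product line.\n" * 60
report_v2 = report_v1 + b"Appendix A: notes from the finance review.\n" * 20
SAMPLE_HISTORY = [
    (1, report_v1),
    (2, report_v2),
    (3, pseudo_ciphertext(len(report_v2))),  # synced from the infected machine
]

if __name__ == "__main__":
    for number, content in SAMPLE_HISTORY:
        print(number, round(shannon_entropy(content), 2))
    print("restore version:", last_clean_version(SAMPLE_HISTORY))
```

Compressed formats such as .zip or .jpg already sit close to 8 bits per byte, so for those a file-format check is a better signal than entropy alone.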

For more information on how Accellion enables organizations to share and collaborate on content securely, please contact us.