Solved

Webroot Anywhere Protect against WannaCrypt infection?


Userlevel 2
Does anyone know if Webroot SecureAnywhere protects against infection by the current WannaCrypt malware?  I haven't seen anything about this in e.g. a Webroot news release.
icon

Best answer by Baldrick 13 May 2017, 15:16

View original

20 replies

I have the same urgent question.  Who responds to these??
 
Hello Kevin2,
 
Welcome to the Webroot Community.
 
This question was posed to Webroot threat researcher DanP, in a private forum.  According to him, yes, WSA protects against this malware.
 


 
Also, check these out. ;)
 
https://community.webroot.com/t5/Security-Industry-News/The-Best-Ransomware-Protection-of-2017/m-p/291845/highlight/true#M34419
 
 
 
https://community.webroot.com/t5/Knowledge-Base-Business/Helpful-Guides-for-Preventing-Ransomware/ta-p/274892
 
 
Hope this info helps,
 
BD
Userlevel 7
Hi bettytonsing / Kevin2
 
Welcome to the Community Forums.
 
If I may add to what Dave has posted...the best protection of all is vigilence & (i) not opening emails from unknown sources or (ii) unexpected emails from known sources...and certainly not clicking on and/or opening any attachments they may contain.
 
And then if something does unfortunately get through then WRSA should have your back.
 
Regards, Baldrick
Userlevel 2
OK, Thanks BurnDaddy
Userlevel 2
Thanks, Baldrick!   
Yes, "Braces and Suspenders" is best approach...
@ wrote:
OK, Thanks BurnDaddy
 
You're welcome, Kevin. And,as Baldrick has wisely stated, using common-sense practices to minimize the avenues of infection is certainly the first place start. ;)
 
Cheers,
BD
 
ps. Be sure to use an Adblocker as well. This will greatly minimize things like fake technical support popups/warnings and popups that may try and direct you towards malicious sites/links.
 
These are some we use and recommend here in the Community;
 
For Internet Explorer Ad Block Plus: https://adblockplus.org/
 
For Firefox uBlock Origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/?src=ss or Privacy Badger: https://addons.mozilla.org/en-us/firefox/addon/privacy-badger-firefox/

 
Google Chrome uBlock Origin: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en or Privacy Badger: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp
@ wrote:
  Who responds to these??
 
Hi bettytonsing,
 
Welcome to the Webroot Community.
 
We are a community of Webroot users who volunteer their time here helping other Webroot users. Many of us have been using Webroot for many years. There is a wealth of information here regarding Webroot and other issues as well. If you have any questions, feel free to ask. If you need to contact technical support then please  submit a support ticket (24/7) or contact Webroot suppport  by phone during normal business hours. ;)
 
Cheers,
BD
Userlevel 6
Badge +16
I follow a few AV testers on youtube, one of them posted about this ransomware yesterday and I did see in VIRUSTOTAL webroot was one of them that did recognize the threat and would block it. Just another way to check if you ever want to.
 
Also check https://community.webroot.com/t5/Announcements/Webroot-added-to-VirusTotal/td-p/285432 for more info on virustotal and webroot.
Adguard AdBlocker browser extension
https://adguard.com/en/adguard-adblock-browser-extension/overview.html
Userlevel 7
Badge +56
@ wrote:
Adguard AdBlocker browser extension
https://adguard.com/en/adguard-adblock-browser-extension/overview.html
We only post and suggest free ad blocker products. Adguard is not free. Also WSA already protects you from Phishing and Malicious Websites. https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#ManagingIdentityProtection/ManagingIdentityProtection.htm%3FTocPath%3DManaging%2520Identity%2520Protection%7C_____1
 

@ wrote:
@ wrote:
Adguard AdBlocker browser extension
https://adguard.com/en/adguard-adblock-browser-extension/overview.html
We only post and suggest free ad blocker products. Adguard is not free. Also WSA already protects you from Phishing and Malicious Websites. https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#ManagingIdentityProtection/ManagingIdentityProtection.htm%3FTocPath%3DManaging%2520Identity%2520Protection%7C_____1
 
 
 
Adguard AdBlocker browser extension are FREE and block Ads
https://addons.mozilla.org/en-us/firefox/addon/adguard-adblocker/
https://chrome.google.com/webstore/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg?hl=en


 
 As we've discussed before.  Simply remove what ever does not satisfy you or Guidelines.
 
Userlevel 7
Badge +48
We posted this yesterday on another thread, that was mentioned earlier, but just in case you didn't see it, here's a link to our latest blog post about WannaCry. 
 
 
Userlevel 7
Badge +48
As the second wave of WannaCry spreads across the globe, the latest estimate from the leading European police agency Europol suggests the malware has hit over 200,000 victims over 150 countries. You can catch up on some of the latest news here.  
 
Although a second kill switch has been identified and registered today, there is no certainty that this second kill switch will address all malware variants. Europol continues to recommend that one of the best defenses is to take advantage of the patches released by Microsoft.
 
Webroot currently has strong protection in place for WannaCry, and has already reviewed and fortified its protection and detection routines to protect its users against future variants that may appear. As Webroot sees every new executable file introduced on systems where Webroot SecureAnywhere is installed, we get rapid insight into all types of new malware.  
 
This allows us to quickly create and/or improve upon our best-in-class detection mechanisms for zero day threats.
 
More information on our blog here. 
Userlevel 7
Badge +56
@ wrote:
@ wrote:
@ wrote:
Adguard AdBlocker browser extension
https://adguard.com/en/adguard-adblock-browser-extension/overview.html
We only post and suggest free ad blocker products. Adguard is not free. Also WSA already protects you from Phishing and Malicious Websites. https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#ManagingIdentityProtection/ManagingIdentityProtection.htm%3FTocPath%3DManaging%2520Identity%2520Protection%7C_____1
 
 
 
Adguard AdBlocker browser extension are FREE and block Ads
https://addons.mozilla.org/en-us/firefox/addon/adguard-adblocker/
https://chrome.google.com/webstore/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg?hl=en


 
 As we've discussed before.  Simply remove what ever does not satisfy you or Guidelines.
 
I still wouldn't recommend or use it. I personally like and recommend uBlock Origin.
@ wrote:
We posted this yesterday on another thread, that was mentioned earlier, but just in case you didn't see it, here's a link to our latest blog post about WannaCry. 
 
 
Thank you for posting,@. Good to hear here from Webroot on this. ;)
 
BD
Userlevel 7
Badge +48
Of course. Happy to share. In case you haven't seen our latest blog post, we've got another update as the 2nd wave of WannaCry spreads here.
Userlevel 7
Badge +48
Over the past couple of days I've seen a few questions coming in from the community about WannaCry and wanted to share with the rest of you: 
 
  1. How does Webroot detect and prevent infection by Wannacry or other Trojans?
We have proprietary detection systems in place. In the case of WannaCry, our Webroot SecureAnywhere (WSA) detected and blocked it just like any other malware that we see. What was unique about this malware was its distribution method. You can find additional information about how WSA works on our data sheet here.
 
  1. Does this mean that no customer running Webroot has been, or indeed will be, affected by WannaCry?
It takes time to learn about every threat and learn how to protect against it. This being said, our call volume has not been impacted at all by this threat. However, if someone has an unpatched system, there is potential for infection due to the vulnerability within the OS mentioned, read this article for details. We also have other tools to assist in auto-remediating malware.
 
As a reminder, to prevent this threat from propagating within your environment, in any way, please review our Ransomware Prevention Guide and implement the suggestions listed
 
  1. Do you have evidence that the initial infection vector was email?
While our threat teams are still actively researching the threat, we know it is propagating by probing and exploiting vulnerable systems.
 
  4. At what point in time did Webroot detect this new version of WannaCry?
 
Our threat intelligence platform encountered it at 8:30 a.m. UTC. Shortly thereafter, we blocked it for customers.
Userlevel 7
Badge +7
Good info in this thread already, regarding protection.
 
Here are a few of the steps that I take and so far it has worked.  Even if you can't stop them.... you can still recover if you follow best practices.
 
1)    USE WEBROOT!!!!
2)    Keep you OS version up to date.
3)    Keep you OS patches up to date.
4)    Keep your software patched, ie: flash and others.
5)    Perform weekly full image or conventional dependable backups and daily incremental or differential backups.
6)    Validate images and or backups.
7)    Store at least one copy of the image or backup offline.
8)    Immediately copy important files or emails that arrive between imaging  or backups offline.
9)    Disconnect from the internet whenever you don't need to be online or you are away from your computer.
        I do this by simply unbinding IP and re-binding when I am ready to go back online.  It only takes a second.
10)  Don't open emails from sources that you are not familiar with.  If you can't control your curiosity, do it in an environment that disables links and images or text mode.
11)  Don't click on email links unless you are sure of the source and destination.
12)  Don't download files or images that you are not absolutely sure of.
13)  Don't visit sites that do not have a good reputation.
14)  Block popups in your browser.
15)  Use a good ad-blocker.

These are just a few and not inclusive of all possible techniques.
 
Stay safe out there,
Dave
Userlevel 7
Badge +56
The best protection is Education then using the thing between your ears!

Userlevel 7
Badge +62
@ wrote:
Good info in this thread already, regarding protection.
 
Here are a few of the steps that I take and so far it has worked.  Even if you can't stop them.... you can still recover if you follow best practices.
 
1)    USE WEBROOT!!!!
2)    Keep you OS version up to date.
3)    Keep you OS patches up to date.
4)    Keep your software patched, ie: flash and others.
5)    Perform weekly full image or conventional dependable backups and daily incremental or differential backups.
6)    Validate images and or backups.
7)    Store at least one copy of the image or backup offline.
8)    Immediately copy important files or emails that arrive between imaging  or backups offline.
9)    Disconnect from the internet whenever you don't need to be online or you are away from your computer.
        I do this by simply unbinding IP and re-binding when I am ready to go back online.  It only takes a second.
10)  Don't open emails from sources that you are not familiar with.  If you can't control your curiosity, do it in an environment that disables links and images or text mode.
11)  Don't click on email links unless you are sure of the source and destination.
12)  Don't download files or images that you are not absolutely sure of.
13)  Don't visit sites that do not have a good reputation.
14)  Block popups in your browser.
15)  Use a good ad-blocker.

These are just a few and not inclusive of all possible techniques.
 
Stay safe out there,
Dave
Again Thank you for this information. i have also bookmarked this as @ has.

Reply