TITAN SI Tests: WannaCry Ransomware vs. 8 AV solutions
The latest ransomware is proving to be the most fearsome yet. Not only have security alerts been issued by at least three security vendors, one backup vendor and one data management solutions provider, but our national security agency, CyberSecurity Malaysia, has also issued a warning on “WannaCry”, the malicious code that brought hundreds of businesses across 150 countries to their knees over the past weekend.
For the uninitiated victims, cybersecurity players have published list upon list of what we can proactively do now with our people and processes. However, it is a test and review by local system integrator Titan System Integration that raises the question: “Are the security technologies deployed by my vendors in my IT environment protecting me enough?”
Titan SI CEO Melvin Foong shares his findings from placing two WannaCry variants on an offline server.
He described, “The WannaCry ransomware for this testing is dated as having existed before it started its worldwide attack last weekend.
“The Cylance version that we use is also an older version, which last updated its policies in April. Cylance is not a signature-based endpoint antivirus solution, but a policy-based one.”
The verdict was that Cylance still managed to detect the worm, an unknown threat at that time, even while in offline mode.
Foong said, “This is due to its patented technologies of identifying threats without the use of signatures, behavioural analysis and sandboxing.”
He also said this ability is one of a kind, and at the time of writing he shared that no machines protected by Cylance Protect have been compromised.
A similar test was conducted on seven other antivirus (AV) products under the same conditions, and he pointed out that they all failed.
Videos of the testing and their results are at the end of the article. BitDefender and Cylance were the only two AVs that stood up to the test.
Foong also shared some insight about the recent WannaCry attack: many of the machines that were compromised were actually in offline mode, but internally connected to many other machines that were not.
“One of the machines became Patient Zero and started infecting the rest. Thus the ability to function at 99 percent even in offline mode, like Cylance, is very important.”