On May 12th, 2017, the ransomware WannaCry disrupted hundreds of organisations in dozens of countries. The ransomware encrypts personal and critical documents and files. More information on protecting your organisation can be found on our blog.
It is important to note that Fortinet Solutions successfully blocked this attack.
The worm-like behavior exhibited by this malware is due to an active probe of SMBv1 servers on port 445 on the local LAN, searching for the presence of Backdoor.Double.Pulsar. If the backdoor is present, the payload is delivered and executed through this channel. If not, a slightly less reliable exploitation route is taken.
For this reason, we are recommending that organisations (for now) block port 445 from the Internet or, further, use NGFW capabilities to block the SMB protocol itself from the Internet.
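Both points above (the LAN probe of port 445 and SMB reachable from the Internet) can be checked in firewall or flow logs. The following is an added example, not Fortinet's code; the CSV record layout, the threshold values and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445
# Assumption: the organisation uses RFC 1918 space internally.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: time,source,destination,dest_port,action
SAMPLE_FLOWS = [f"2017-05-12T09:00:{i:02d},10.0.0.23,10.0.0.{i + 1},445,allow" for i in range(12)] + [
    "2017-05-12T09:00:05,10.0.0.5,10.0.0.200,445,allow",   # normal file-server use
    "2017-05-12T09:00:30,10.0.0.5,10.0.0.200,445,allow",
    "2017-05-12T09:01:00,203.0.113.7,10.0.0.200,445,allow",  # SMB allowed in from outside
    "2017-05-12T09:01:02,198.51.100.9,10.0.0.200,445,deny",
    "2017-05-12T09:01:05,10.0.0.5,10.0.0.80,443,allow",
]

def parse(lines):
    """Yield (time, src, dst, port, action) from the constructed CSV layout."""
    for line in lines:
        ts, src, dst, port, action = line.strip().split(",")
        yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
               ipaddress.ip_address(dst), int(port), action)

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def find_smb_sweepers(lines, window_s=60, threshold=10):
    """Internal hosts that reach >= threshold distinct internal peers on 445 within window_s."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _ in parse(lines):
        if port == SMB_PORT and is_internal(src) and is_internal(dst):
            by_src[src].append((ts, dst))
    sweepers = {}
    for src, events in by_src.items():
        events.sort()
        # Peak number of distinct destinations in any window starting at an event.
        peak = max(len({d for t, d in events[i:] if t - events[i][0] <= timedelta(seconds=window_s)})
                   for i in range(len(events)))
        if peak >= threshold:
            sweepers[str(src)] = peak
    return sweepers

def internet_smb_allowed(lines):
    """Flows to port 445 from outside the internal ranges that the firewall allowed."""
    return [(str(s), str(d)) for _, s, d, p, a in parse(lines)
            if p == SMB_PORT and not is_internal(s) and a == "allow"]
```

Any entry returned by `internet_smb_allowed` means the port 445 block recommended above is not yet in effect for that path.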
Further information can be found on the Fortinet Blog, or if you have any further questions you can contact us.