Skip to content

Home Special Announcement WannaCry Ransomware
WannaCry Ransomware
Monday, 15 May 2017 13:22

alt

Description:
WannaCry ransomware attacks out-of-date Microsoft OS through the exploitation of a critical Windows SMB vulnerability(MS17-010).

CVE Number:
CVE-2017-0143 ~ CVE-2017-0148

Systems Affected:
Windows XP/Vista/7/8/8.1/10(1507,1511,1607), Server 2008/2008 R2/2012/2012 R2,and Windows RT.

Prevention:
1. Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017. Enable automated patches for the operating system and Web browser. Given the potential impact to customers and their businesses, Microsoft also released Security Updates for end-of-support systems(Windows XP, Windows 8, and Windows Server 2003).Download links are available in this post: "Customer Guidance for WannaCrypt attacks".
2. Config firewall to block unsolicited SMB communication (port135/137/139/445) from the Internet.
3. Ensure anti-virus software is up-to-date.
4. Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location (offline).

Remediation:
Shut down infected machine and remove the disk.Reinstall operating System and apply Windows update. Organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup. Don't use the infected disk on other systems to prevent it from spreading.


 
[YOUR IP : 54.81.166.196: 49982] ...   [YOUR BROWSER: CCBot/2.0 (http://commoncrawl.org/faq/)] ...