WannaCry? You’ve got the poison, now get the remedy.

Rory MonaghanSecurity, Windows 10

WannaCry Malware

 

The WannaCry ransomware cyber attack has highlighted the importance of ensuring you are always up to date with the latest software updates available to you.

In this article, Algiz CTO, Rory Monaghan explains what critical action you should take now to protect your organisation from a WannaCry attack and related ransomware, and also what you need to be doing immediately after that.

What’s the problem?

This particular attack leveraged vulnerabilities exposed by the NSA related to SMBv1 (Server Message Block). SMB is used for providing shared access to files, printers and other types of shared devices.

SMBv2 was released with Windows Vista, and v3.x was released with Windows 8\Windows Server 2012. Although Windows 7 released with SMBv2, SMBv1 still featured as some applications were designed to use SMBv1. Even in Windows 10, SMBv1 is included and enabled by default. The only applications that may need SMBv1 are legacy applications.

Short-term fix for WannaCry

Microsoft has previously advised organisations to disable SMBv1, and you can do this via the registry or PowerShell:

Registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersRegistry

DWORD: SMB1 Value=0

PowerShell

Set-SmbServerConfiguration -EnableSMB1 Protocol $false

Microsoft released a patch in March of 2017 to address the security hole in Windows 7, and another way to protect yourself is to ensure you have the update included in MS17-010 for your Windows 7 desktops.

Unfortunately, Windows XP and Windows Server 2003 are at risk and still to be found in many organisations. Microsoft guidance for the attacks is available here.

Long-term fix – move to Windows 10

Another great way of preventing problems such as WannaCry is by moving to Windows 10! Windows 10 users were not exposed in any way to this attack, but many companies put off the migration to Windows 10 because they have been thinking “my apps work right now, so why should I bother?”

Windows 7 is already out of mainstream support. It will be out of extended support on January 14th, 2020. Windows 7 is already quite old, many of it’s security issues are addressed by patches, many of these security issues were addressed with major overhauls within Windows 10. A typical Windows migration takes 18 months. I don’t believe the Windows 10 migration is a typical migration. The majority of applications that work on Windows 7 today WILL work on Windows 10 too. Following this attack, there’s no good excuse not to start your Windows 10 migration.

NOTE: To make your migration easier, Rory’s documented tools and tips you should use in the article “Tools and tips to get your Windows 10 migration off to a flying start”.

We hope you find it helpful.


ABOUT THE AUTHOR

Rory Monaghan

Rory is Algiz Technology’s CTO Americas.  A man of many talents, he’s a Microsoft Windows IT Pro MVP, international speaker and contributes to the online App-V community via his blog www.rorymon.com.

 

Share this Post