The WannaCry ransomware cyber attack has highlighted the importance of ensuring you are always up to date with the latest software updates available to you.
In this article, Algiz CTO, Rory Monaghan explains what critical action you should take now to protect your organisation from a WannaCry attack and related ransomware, and also what you need to be doing immediately after that.
What’s the problem?
This particular attack leveraged vulnerabilities exposed by the NSA related to SMBv1 (Server Message Block). SMB is used for providing shared access to files, printers and other types of shared devices.
SMBv2 was released with Windows Vista, and v3.x was released with Windows 8\Windows Server 2012. Although Windows 7 released with SMBv2, SMBv1 still featured as some applications were designed to use SMBv1. Even in Windows 10, SMBv1 is included and enabled by default. The only applications that may need SMBv1 are legacy applications.
Short-term fix for WannaCry
Microsoft has previously advised organisations to disable SMBv1, and you can do this via the registry or PowerShell:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersRegistry DWORD: SMB1 Value=0
Set-SmbServerConfiguration -EnableSMB1 Protocol $false
Microsoft released a patch in March of 2017 to address the security hole in Windows 7, and another way to protect yourself is to ensure you have the update included in MS17-010 for your Windows 7 desktops.
Unfortunately, Windows XP and Windows Server 2003 are at risk and still to be found in many organisations. Microsoft guidance for the attacks is available here.
Long-term fix – move to Windows 10
Another great way of preventing problems such as WannaCry is by moving to Windows 10! Windows 10 users were not exposed in any way to this attack, but many companies put off the migration to Windows 10 because they have been thinking “my apps work right now, so why should I bother?”
Windows 7 is already out of mainstream support. It will be out of extended support on January 14th, 2020. Windows 7 is already quite old, many of its security issues are addressed by patches, many of these security issues were addressed with major overhauls within Windows 10. A typical Windows migration takes 18 months. I don’t believe the Windows 10 migration is a typical migration. The majority of applications that work on Windows 7 today WILL work on Windows 10 too. Following this attack, there’s no good excuse not to start your Windows 10 migration.
NOTE: To make your migration easier, Rory’s documented tools and tips you should use in the article “Tools and tips to get your Windows 10 migration off to a flying start”.
We hope you find it helpful.