Reduce vulnerabilities to the WannaCry/WannaCrypt Ransomware outbreak with Specops

The first line of defense in this scenario is to run the latest Operating system(s) fully patched. The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack, however should be treated as a vulnerability as well.

WannaCrypt ransomware worm targets out-of-date systems

Microsoft Security Bulletin MS17-010 – Critical

MS17-010: Security update for Windows SMB Server: March 14, 2017

Microsoft Support SMB Management post

This String of ransomware uses a specific Remote code execution from Windows SMB 1.0, which was used for Windows XP/Server 2003 functionality. There have since been improvements in SMB 2.0 and SMB 3.0.

Protection against WannaCry/WannaCrypt ransomware: Removing or disabling SMB 1.0 from your corporate network

Removing this feature can be achieved using PowerShell. It is an effective method to return success feedback when running the script, and ensuring the command has been run on connected systems on your network.

There are also ways to do this on your personal machine. You can turn off the Windows Feature ‘SMB1.0/CIFS File Sharing Support.’ As far as getting this disabled for your entire domain, it may take a bit more to deploy and enforce the following command:

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -Remove –norestart

<Or>

Remove-WindowsFeature FS-SMB1

Specops Command provides a platform to monitor and manage the actual command running in your workplace. Specops Command can schedule and execute this action and many more, and provide valuable feedback on execution of the command which can prove to be the type of response you need when minutes count.

Specops Command
Disabling SMB 1.0 with Specops Command

Keep up your protection against WannaCry/WannaCrypt ransomware attacks. Download Specops Command Software here.

Contact us today for a trial license to get through this deployment.

(Last updated on September 27, 2024)

Back to Blog

Related Articles

  • Password Strength Meters – more harm than good?

    Fact one, passwords are here to stay, at least for the near future. Fact two, users have not gotten any better at making them stronger, or using additional factors during authentication. To help users with this seemingly impossible task, many web services offer a password strength meter during the account signup process. With its uncanny…

    Read More
  • Rockyou2024 analysis: Mega password list or just noise? 

    Back in June 2021, a large data dump called ‘rockyou2021’ was posted on a popular hacking forum. It was named after the popular password list used in brute-force attacks called ‘Rockyou.txt’ – and it was a pretty big story at the time. You can see our team’s analysis on it here.   Fast forward to 2024…

    Read More
  • The countries experiencing the most ‘significant’ cyber-attacks

    Over the last decade, cyber security has rapidly become a concerning problem. Rightfully so, given how a cyber-attack can compromise an organisation’s key functions and processes within a matter of seconds, exposing sensitive data to opportunistic criminals. The impact and severity of cyber-attacks can be exhibited by a report from Cybersecurity Ventures, who predict that…

    Read More