Reduce vulnerabilities to the WannaCry/WannCrypt Ransomware outbreak with Specops

The first line of defense in this scenario is to run the latest Operating system(s) fully patched. The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack, however should be treated as a vulnerability as well.

WannaCrypt ransomware worm targets out-of-date systems

Microsoft Security Bulletin MS17-010 – Critical

MS17-010: Security update for Windows SMB Server: March 14, 2017

Microsoft Support SMB Management post

This String of ransomware uses a specific Remote code execution from Windows SMB 1.0, which was used for Windows XP/Server 2003 functionality. There have since been improvements in SMB 2.0 and SMB 3.0.

Removing or disabling SMB 1.0 from your corporate network

Removing this feature can be achieved using PowerShell. It is an effective method to return success feedback when running the script, and ensuring the command has been run on connected systems on your network.

There are also ways to do this on your personal machine. You can turn off the Windows Feature ‘SMB1.0/CIFS File Sharing Support.’ As far as getting this disabled for your entire domain, it may take a bit more to deploy and enforce the following command:

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -Remove –norestart

<Or>

Remove-WindowsFeature FS-SMB1

Specops Command provides a platform to monitor and manage the actual command running in your workplace. Specops Command can schedule and execute this action and many more, and provide valuable feedback on execution of the command which can prove to be the type of response you need when minutes count.

Download Specops Command Software here.

Contact us today for a trial license to get through this deployment.