Protection from the Cyber Attack WannaCry
Current Worldwide Cyber Attack Protection
News is spreading like the infection from the cyber attack. Current information suggests this is dubbed #WannaCry Ransomware.
Information
- Encrypts with file extension .wncry
- Deletes volume shadow copies (often used for quick recovery)
- Deletes Windows Backup and System Restore
- Attacks SMB shares Windows 10, Windows 8 , Windows 7, Windows Vista, Windows XP
- Note the widely publicised Kill Switch is blocked by proxy server.
The malware uses direct Internet access to check the kill switch domain name and web site.
Ironically the more secure sites using outbound filtering are more vulnerable.
Protection
Based on anecdotal information available 13/05/2017
- Patch systems up to April 2017 (specifically MS17-010)
- Disable SMB v1.0/CIFS File Sharing Support
- Use File Resource Manager to block the extension .wncry
Add Comments Below with Further information
Most recent Twitter updates
Comments
Post a Comment