Protection from the Cyber Attack WannaCry

Current Worldwide Cyber Attack Protection

News is spreading like the infection from the cyber attack. Current information suggests this is dubbed #WannaCry Ransomware. 

Information

  • Encrypts with file extension .wncry
  • Deletes volume shadow copies (often used for quick recovery)
  • Deletes Windows Backup and System Restore
  • Attacks SMB shares Windows 10, Windows 8 , Windows 7, Windows Vista, Windows XP
  • Note the widely publicised Kill Switch is blocked by proxy server.
    The malware uses direct Internet access to check the kill switch domain name and web site.
    Ironically the more secure sites using outbound filtering are more vulnerable. 

Protection

Based on anecdotal information available 13/05/2017
  1. Patch systems up to April 2017 (specifically MS17-010)
  2. Disable SMB v1.0/CIFS File Sharing Support
  3. Use File Resource Manager to block the extension .wncry

Add Comments Below with Further information

Most recent Twitter updates


Comments

Post a Comment

Popular posts from this blog

Server Manager Refresh completed with one or more warning

The system cannot access one or more event logs because of insufficient rights The Problem: Configuration refresh message. The system cannot access one or more event logs because of insufficient rights, file corruption, or other reasons. For more information, see the Operation channel in the ServerManager-ManagementProvider error log on the target server. Problem occurred on Server 2012 servers that have been upgraded to Server 2012R2 servers. Servers are also clustered. The Solution: Following the event logs leads to a few registry keys. You can eliminate the messages by: 1. Export the following registry keys (for safety) 2. Delete the following keys: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxpTaskRingtone/Analytic HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-Roaming/Analytic HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-SCDICCOMPILER/Analytic HKLM\SOFTWARE\Mic
Read more

Shrewsoft VPN client - can't open Access Manager

Shrewsoft VPN client - can't open Access Manager Problem Access Manager is not visible Occurred after adjusting using dual monitors. Reinstall does not fix the issue. The Fix Use regedit to rename or delete the following key: HKEY_CURRENT_USER\Software\ShrewSoft\vpn\user Had a look around the Shrewsoft support site - nothing useful in there to fix this problem.
Read more

Hyper-V could not replicate changes for virtual machine as replication is suspended on the Replica server

Image
EVENT ID 32088 for all VMs After running out of disk space on the Replica host server, all VMs stopped replicating.  Replication cannot simply be started by right clicking on the source VM and selecting Resume Replication. No console error message just the event log event 32088.  I considered removing replication and re-replicating but this seemed an awful lot of work for simple problem. Tried stopping the Hyper-V service on the replica host and restarting, but this also did not work. THE FIX 1. Go to the destination replica server, right click each VM and select Resume Replication.  2. Now you can go to the source server, right click each VM and select Resume Replication. For some strange reason this works. Just trying one end or the other will fail without a console error message (but shows in the event log).
Read more