Protection from the Cyber Attack WannaCry

Current Worldwide Cyber Attack Protection

News is spreading like the infection from the cyber attack. Current information suggests this is dubbed #WannaCry Ransomware. 

Information

  • Encrypts with file extension .wncry
  • Deletes volume shadow copies (often used for quick recovery)
  • Deletes Windows Backup and System Restore
  • Attacks SMB shares Windows 10, Windows 8 , Windows 7, Windows Vista, Windows XP
  • Note the widely publicised Kill Switch is blocked by proxy server.
    The malware uses direct Internet access to check the kill switch domain name and web site.
    Ironically the more secure sites using outbound filtering are more vulnerable. 

Protection

Based on anecdotal information available 13/05/2017
  1. Patch systems up to April 2017 (specifically MS17-010)
  2. Disable SMB v1.0/CIFS File Sharing Support
  3. Use File Resource Manager to block the extension .wncry

Add Comments Below with Further information

Most recent Twitter updates


Comments

Popular posts from this blog

Server Manager Refresh completed with one or more warning

Event ID 122 Access to Drivers on Windows Update Blocked by Policy - Fix Here

root\cimv2\TerminalServices namespace is marked with the RequiresEncryption flag - Temporary Solution