The WannaCrypt malware, which has caused widely reported chaos, is being spread via an SMB1 vulnerability. The following Microsoft blog post, written in September 2016, provides background information on SMB1 and why you should no longer be using it:
If you haven’t already done so, please take a look at the Microsoft mitigation guidance for dealing with WannaCrypt in the following post:
Our recommended short-term and mid-to-long term actions are outlined below.
Short-term actions:
Deploy March 2017 Security Updates (these include the fix: MS17-010) for supported OSs (Vista, 7, 8.1, 10, Server 2008, 2008 R2, 2012, 2012 R2, 2016)
Deploy the KB4012598 out-of-band update that Microsoft has released for unsupported OSs (XP & Server 2003)
Update anti-virus definitions to detect current WannaCrypt strain
Deploy March Security Updates from all vendors (a wide range of related vulnerabilities were disclosed/fixed in March across the industry)
Mid-to-long term actions:
Enable Windows Firewall Inbound (MS default behaviour) on all devices
Block SMB (TCP 445) inbound on all endpoints; on servers that require it open, allow connections only from trusted IPs
Decommission servers/appliances that require SMB1
Uninstall the SMB1 feature from Vista and Server 2008 and later servers/devices
Take and test regular data backups
Re-educate users on phishing attacks
Review and if necessary accelerate patching processes
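The firewall and SMB1 items above can be checked on each host with a short PowerShell script. The following is an added example, not taken from the Microsoft guidance; it assumes Windows 8.1 / Server 2012 R2 or later and an elevated session, and the -Remediate and -TrustedAddress parameters are names chosen for this example.

```powershell
# Added example: audit, and with -Remediate fix, the SMB1 / TCP 445 items above.
# Assumes Windows 8.1 / Server 2012 R2 or later and an elevated session.
param(
    [switch]$Remediate,
    # Assumption: sources a server must still accept SMB from; empty on endpoints.
    [string[]]$TrustedAddress = @()
)

# SMB1 state: the server-side protocol setting and the installed feature.
$smb1Server  = (Get-SmbServerConfiguration).EnableSMB1Protocol
$smb1Feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State

# Firewall profiles that are switched off or that allow inbound by default.
$weakProfiles = @(Get-NetFirewallProfile | Where-Object {
    $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow'
})

# Enabled inbound allow rules that expose TCP 445 to any remote address.
$openRules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $port.Protocol -eq 'TCP' -and $port.LocalPort -contains '445' -and
            $addr.RemoteAddress -contains 'Any'
    })

# Report the findings for this host.
[pscustomobject]@{
    Smb1ServerEnabled = $smb1Server
    Smb1FeatureState  = $smb1Feature
    WeakProfiles      = $weakProfiles.Name
    Open445Rules      = $openRules.DisplayName
}

if ($Remediate) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Removing the feature only completes after the next reboot.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block
    foreach ($rule in $openRules) {
        if ($TrustedAddress) {
            # Server that needs SMB: keep the rule, scoped to trusted sources.
            $rule | Set-NetFirewallRule -RemoteAddress $TrustedAddress
        } else {
            # Endpoint: disable the rule so the default inbound block applies.
            $rule | Disable-NetFirewallRule
        }
    }
}
```

Windows Firewall applies block rules ahead of allow rules, so the script narrows the existing allow rule on servers rather than adding a separate block rule for TCP 445. Rules delivered by Group Policy have to be changed in the GPO itself.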
Please get in touch if you have any questions or need additional support or guidance.