Microsoft Released Guidance for WannaCrypt

Published: 2017-05-13
Last Updated: 2017-05-13 23:51:27 UTC
by Guy Bruneau (Version: 3)
11 comment(s)

Microsoft released information what can be done to protect against WannaCry[1] which includes deploying MS17-010 if not already done (March patch release)[2], update Windows Defender (updated 12 May)[3] and if not using SMBv1 to disable it available here.

Microsoft has provided a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.

Note: If you are running Windows 10, you are not targeted by this attack.

A live map of the infection is available here.

Update 1: There is additional information including hashed, C&C sites as well as the file type it will encrypt and samples located here. US-CERT released the following information of Indicators Associated With WannaCry Ransomware here.

Update 2: There are reports that indicate that WannaCry VERSION 2 has been released and the kill switch that had been activated by a security researcher has been removed. If you haven't already applied MS17-010 and blocked inbound SMB traffic, you can still fall victim of this Ransomware.



Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

11 comment(s)


Diary Archives