WannaCrypt: What to Think? Act! [Quick Guide]
WannaCrypt is the topic on the table in every IT department following this weekend's attack. With more than 200,000 infected devices and some companies shut down, it has arguably made noise and is not without consequences.
Is the maintenance of IT estates being called into question?
What is obvious is that it highlights a cruel lack of maintenance of the computer fleet within some companies. This ransomware exploits a flaw that was known and patched by Microsoft in March. When we know today how important updates are, how could it have been forgotten?
We can’t say that there are no tools available to simply update one's computers: for many years Microsoft has offered the WSUS role on Windows Server to deploy these fixes in a few clicks.
Admittedly, this attack also affects machines running Windows XP, an OS that is completely obsolete and no longer maintained by Microsoft since April 8, 2014. But is it normal that Windows XP is still in use? No, even if we must admit that it’s not always simple to move away from it in these special cases, particularly in industry, where the machine is connected to a prohibitively expensive PLC. Incidentally, Microsoft released an emergency patch for Windows XP and Windows Server 2003 to fix the hole on these obsolete systems.
Beyond applying this security patch, you can disable SMBv1, because this is the version affected by this vulnerability and it is obsolete. Today, we are at SMB version 3.x. The problem is that SMB version 1 is still enabled on Windows for compatibility reasons, particularly for network copiers that use this version for scan-to-share. So be careful before you disable this version; it may be better to patch first.
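One way to follow the caution above, as an added example that is not part of the original article: audit which clients (copiers, for instance) still connect over SMBv1 before turning it off on a file server. The `-Disable` switch is a name chosen for this example; the script assumes an elevated session on Windows 10 / Windows Server 2016 or later, where SMB1 access auditing is available, and the default English event text.

```powershell
# Added example: check SMBv1 usage on a file server before disabling it.
# Assumptions: elevated session, Windows 10 / Server 2016 or later.
param(
    [switch]$Disable   # hypothetical switch: without it the script only reports
)

# 1. Current state of the SMBv1 server component.
$cfg = Get-SmbServerConfiguration
Write-Output "SMBv1 server enabled : $($cfg.EnableSMB1Protocol)"
Write-Output "SMBv1 access audited : $($cfg.AuditSmb1Access)"

# 2. Turn on SMB1 access auditing so legacy clients leave a trace.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Output "Auditing enabled. Let it run for a few days, then run this script again."
}

# 3. Each SMBv1 connection is logged as event 3000 in the SMBServer audit log.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'
    Id      = 3000
} -ErrorAction SilentlyContinue

# Extract the client address from the event text (assumes English messages).
$clients = $events | ForEach-Object {
    if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] }
} | Sort-Object -Unique

if ($clients) {
    Write-Output "Clients still using SMBv1 (check for scan-to-share copiers):"
    $clients | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output "No SMBv1 client recorded in the audit log."
}

# 4. Disable SMBv1 only when asked, and only if no legacy client was seen.
if ($Disable) {
    if ($clients) {
        Write-Warning "SMBv1 clients found. Patch first and migrate them before disabling."
        return
    }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output "SMBv1 server disabled."
}
```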
Educate your users!
In my opinion, beyond the operating system, it is also about computer hygiene and the education of users: better safe than sorry. Security is also about anticipating risks and identifying weaknesses in your information system. It is essential to train users to give them a more seasoned eye on what they do on the Internet, on the files they open, etc. Because often, that is where the door opens for access to your information system.
Your users must also be informed about the importance of updates: whether at work or at home, updates are essential! We don’t disable Windows Update!
Why is WannaCrypt so powerful?
To put it simply, WannaCrypt itself works on a basic model: a link, a file is downloaded and executed, and your files are encrypted. Where WannaCrypt is formidable and powerful is that it then exploits an SMB flaw (the one corrected by the Microsoft hotfix) to spread through the network to the other workstations of your infrastructure.
By the way, the people behind WannaCrypt managed to steal a tool from the NSA that allows this flaw to be exploited. The NSA used it as part of its espionage operations.
A decryption tool in the works?
Antivirus vendors are on the case, and WannaCrypt is in their sights: some claim to protect users against WannaCrypt, and others say they are working on a decryption tool.
When the decryption tool is ready, it will normally be published on the No More Ransom website, a platform launched by Kaspersky Lab, Europol, Intel Security and the Dutch police. Cooperative work is therefore underway.
Whatever happens, don’t pay the ransom! You have no guarantee of getting your files back… And what's more, you will strengthen the movement.
I will stop here on the subject; we could write tons… And you, what is your opinion on the subject?