15 May 2017 | 1 min read

WannaCry / WannaDecrypt0r ransomware

WannaCry / WannaDecrypt0r ransomware program targeting Microsoft Windows users. It already infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin. Watch out guys!

Have your heard the hottest infosec headline this week? It all about ransomware called WannaCrypt or WanaCrypt0r aka WCRY. It appears to be taking advantage of a recently disclosed Microsoft vulnerability (MS17-010 – “Eternalblue”) associated with the Shadow Brokers tools release. Windows user strongly encouraged to ensure that pull updates of the latest patches applied to operating systems – especially #MS17-010

As for hot fix1, you can disable Server Message Block (SMB) by yourself using powershell 2.0 (with administrator privilage).

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Later, if you need to enable SMB, just run this command

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force

Hopefully, this can protect us and keep connected to the network! You can read more about this malware from crowdsource which posted here2 on github gist. If you are still confuse, please die read the FAQ3

Robbi Nespu | Malware, Ransomware, Virus, Worm

Discussion and feedback