WannaCry / WannaDecrypt0r is a ransomware program targeting Microsoft Windows users. It has already infected more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin. Watch out, guys!
Have you heard the hottest infosec headline this week? It is all about ransomware called WannaCrypt, or WanaCrypt0r, aka WCRY. It appears to take advantage of a recently disclosed Microsoft vulnerability (MS17-010 – “Eternalblue”) associated with the Shadow Brokers tools release. Windows users are strongly encouraged to make sure the latest patches are applied to their operating systems, especially #MS17-010.
As a hot fix [1], you can disable Server Message Block (SMB) yourself using PowerShell 2.0 (with administrator privileges):
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
Later, if you need to enable SMB again, just run this command:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force
Hopefully, this can protect us and keep us connected to the network! You can read more about this malware in the crowdsourced write-up posted here [2] as a GitHub gist. If you are still confused, please read the FAQ [3].
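To confirm that the hot fix above is in place, the following added example (not part of the original post) reads back the SMB1 registry value that the Set-ItemProperty command writes and, where the cmdlet is available, compares it with the running SMB server configuration. The function name Get-Smb1ServerState and the NeedsReview field are hypothetical names chosen for this example; run it from an elevated PowerShell prompt.

```powershell
# Added example: audit the SMB1 server setting changed by the hot fix.
# Get-Smb1ServerState and NeedsReview are hypothetical names for this example.
function Get-Smb1ServerState {
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $name = 'SMB1'

    # Registry view: the value the Set-ItemProperty command writes.
    $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $registry = 'NotSet'        # value absent: the OS default applies
    } elseif ($prop.$name -eq 0) {
        $registry = 'Disabled'
    } else {
        $registry = 'Enabled'
    }

    # Running view: Get-SmbServerConfiguration only exists on
    # Windows 8 / Server 2012 and later, so probe for it first.
    $running = 'Unknown'
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        if ($cfg.EnableSMB1Protocol) { $running = 'Enabled' } else { $running = 'Disabled' }
    }

    # Flag the host when the registry does not say "disabled" or when the
    # running server still reports SMB1 as enabled.
    New-Object PSObject -Property @{
        Computer     = $env:COMPUTERNAME
        RegistrySMB1 = $registry
        RunningSMB1  = $running
        NeedsReview  = ($registry -ne 'Disabled') -or ($running -eq 'Enabled')
    }
}

Get-Smb1ServerState | Format-List
```

The registry change takes effect after a restart, so check the result again once the machine has rebooted.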