Jump to content
ak88

WannaCry patch?

Recommended Posts

ak88

Does anyone know if there is a patch for this? I have tried the Win 7 and Server 2008 R2 patches but neither are for the system when I try to apply.

 

I have used powershell to disable SMBv1 but not sure this is enough:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

 

Thanks

 

Edit: Turns out it was because I was patched already, on a lot of boxes with auto updates I have seen today the patch was missing but it wasn't on this one thankfully. FYI the Server 2008 r2 patch is the one to use.

Edited by ak88

Share this post


Link to post
Share on other sites
Drashna Jaelre

If you have the patch, then you should be fine.  Otherwise, the powershell command should take care of it.

 

That said, either takes care of it spreading from machine to machine, and it's already been shut down.  But better to patch a vulnerability...

Share this post


Link to post
Share on other sites
Trig0r

Not sure what its like from a media POV for you guys in the states but there were a lot of media outlets saying it was an attack on the NHS, people then repeating the same thing on social media, blaming Microsoft, calling the hackers scum that could kill someone etc so much misinformation these days, only takes one dumbass on the news to misquote or get something wrong and its all over the place and you never seem to get anyone appologise for spreading shit, its all about getting the story out first, facts be damned...

Share this post


Link to post
Share on other sites
Drashna Jaelre

We saw a lot of that, but not as much, I think.  And yeah, sensationalized shit always spreads faster than boring facts.

However, I did see some analysis that fingers North Korea as the origin of this malware. (and that this was particularly sloppy malware). Personally, I find that chilling, considering the whole missile testing they're doing.  Couple a massive malware attack with military action.... it's outright terrifying. 

As for blaming Microsoft, well they're releasing an out of band batch for XP/Server 2003, so that says a hell of a lot. Blame them if you want, but nobody should be running these OS's anyways. If you are still running these OS's, then it's pretty much entirely your fault here. 

 

Share this post


Link to post
Share on other sites
Trig0r

Yeah theres talk of it being North Korea, although the apparent tools and exploits were found by the NSA and they didnt tell anyone, so yeah, naughty North Korea, but the NSA, lets not talk about that bit... hmmmmm...

Share this post


Link to post
Share on other sites
Drashna Jaelre

Yup, NSA, CIA, FBI, etc have been stockpiling exploits, as I'm sure other gov'ts have been as well.  Microsoft released a statement about this, as well.  Basically, that it's harming everyone, especially consumers and businesses, as this attack perfectly illustrated. 

A security vulnerability affects everyone. 

Share this post


Link to post
Share on other sites
JamesHearth

Just reposting this information here, in case someone needs it:

 

So now there is a possibility to unlock files encrypted by WannaCry ransomware using a free decryption program

 

https://blog.malwarebytes.com/cybercrime/2017/05/wannadecrypt-your-files/

http://thehackernews.com/2017/05/wannacry-ransomware-decryption-tool.html

https://malwareless.com/free-wannacry-ransomware-decryption-tool-unlock-files-without-paying-ransom/

 

The decryptor is only going to work if you haven't killed the ransomware process (should be wnry.exe or 
or wcry.exe)

Share this post


Link to post
Share on other sites
nrf

even then no guarantee, over at the TWIT house they reported around around 20% success over a number of attempts. so, folks, don't forget you need a good offline backup scheme, keyu recovery or even paying the ransome is a 'hail mary'...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now




×