Source |
SANS Institute |
Identifier |
364926 |
Publication date |
2017-05-13 23:51:27 (viewed: 2017-05-13 23:51:27) |
Title |
Microsoft Released Guidance for WannaCrypt, (Sat, May 13th) |
Text |
Microsoft has released guidance on what can be done to protect against WannaCry[1]: deploy MS17-010 if you have not already done so (March patch release)[2], update Windows Defender (updated 12 May)[3], and disable SMBv1 if you are not using it (instructions are available here[4]).
Microsoft has provided a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.
Note: If you are running Windows 10, you are not targeted by this attack.
A live map of the infection is available here[5].
Update 1: There is additional information, including hashes and C&C sites as well as the file types it will encrypt and samples, located here[6]. US-CERT released information on Indicators Associated With WannaCry Ransomware here[7].
Update 2: There are reports[8] indicating that WannaCry version 2 has been released and that the kill switch that had been activated by a security researcher has been removed. If you haven't already applied MS17-010 and blocked inbound SMB traffic, you can still fall victim to this ransomware.
[1] https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
[2] https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
[3] https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt
[4] https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
[5] https://intel.malwaretech.com/WannaCrypt.html
[6] https://gist.github.com/pcostesi/87a04a3bbbdbc4aeb8b787f45eb21197
[7] https://www.us-cert.gov/ncas/alerts/TA17-132A
[8] http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html
-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. |
Notes |
|
Sent |
Yes |
Tags |
|
Stories |
Wannacry
|
Move |
|