Security Awareness : WannaCrypt ransomware attack

You maybe aware of the recent cyber attack affecting millions of computer systems throughout the world due to a vulnerability in the SMB/CIFS protocol on Windows operating systems. These attacks known as ransomware, encrypt files of the target system making them inaccessible to the user before demanding payment in return for decrypting the files.

For clients that have managed servers (VPS, dedicated and cloud) you need take no action, we will be  performing updates on all systems to ensure they are fully up to date.

For clients that are self-managed please ensure you have applied the latest patches.

Self managed clients can also mitigate their risk by disabling SMB file sharing on your server, you can do this as follows:

(Applies to Windows server 2008, 2008 R2, 2012, 2012 R2 and  2016)

1) Open Server Manager and then click the Manage menu and select Remove  Roles and Features.

2) In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.

3) You will then need to restart the system.

Desktop operating systems (Windows XP, Vista, 8, 8.1 and 10)

We also recommend clients ensure their desktop systems are also patched by applying the latest windows updates.

You can also mitigate your risk by disabling SMB file sharing as follows:

1) Open Control Panel, click Programs, and then click Turn Windows features on or off.

2) In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.

3) Restart the system.

Windows XP
Microsoft have also taken the unusual step of providing a patch for Windows XP, this can be downloaded from the link below:

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

Conclusion

While we have no evidence that any of our servers have been infected we are taking all possible steps to ensure our clients are protected and would request that you contact our support team should have any queries or require any assistance.

References:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://isc.sans.edu/forums/diary/ETERNALBLUE+Windows+SMBv1+Exploit+Patched/22304/
https://isc.sans.edu/forums/diary/Massive+wave+of+ransomware+ongoing/22412/

Kind regards,
Support Team