Last week, Microsoft detected a new ransomware that spreads by exploiting vulnerabilities that had already been fixed. The ransomware, identified as WannaCrypt (also known as WannaCry, WanaCrypt0r, WCrypt, or WCRY), used publicly available exploit code for the patched SMB “EternalBlue” vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server.
While security updates are applied automatically on most computers, some users and enterprises may delay deployment of patches. The ransomware appears to have affected computers on which the patch for these vulnerabilities had not been applied. Microsoft reminds users to install MS17-010 if they have not already done so.
What to Do
Make sure that you have installed the Windows updates for MS17-010 that match your operating system version to address this security concern. There are no known issues with running Survalent’s software with these Windows updates.
If you wish to disable SMB as an added measure of security, Survalent recommends testing the impact this would have on your SCADA/ADMS environment. Depending on your network setup, you may lose access to certain devices such as shared drives or network printers.
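As an added example (not from Survalent or Microsoft), the read-only PowerShell audit below reports whether the SMBv1 server is enabled on a host and which client sessions, outbound connections and shares rely on SMB, which is the impact to review before disabling it. It assumes Windows 8 / Server 2012 or later and an elevated prompt; the function name `Get-Smb1Exposure` is hypothetical.

```powershell
# Added example: read-only SMB audit for one Windows host (run elevated).
# Assumes Windows 8 / Server 2012 or later, where the SMB cmdlets exist.
# Get-Smb1Exposure is a hypothetical helper name, not a built-in cmdlet.

function Get-Smb1Exposure {
    $cfg = Get-SmbServerConfiguration

    # Inbound sessions with the negotiated dialect; 1.x means a client
    # (gateway, historian, printer, older workstation) still uses SMBv1.
    $sessions = Get-SmbSession |
        Select-Object ClientComputerName, ClientUserName, Dialect

    # Outbound connections from this host to other file servers.
    $connections = Get-SmbConnection |
        Select-Object ServerName, ShareName, Dialect

    # Non-administrative shares that clients would lose if SMB is turned off.
    $shares = Get-SmbShare | Where-Object { -not $_.Special } |
        Select-Object Name, Path

    # Most recent updates; compare these with the MS17-010 bulletin
    # entry for this operating system version.
    $hotfixes = Get-HotFix | Sort-Object InstalledOn -Descending |
        Select-Object -Property HotFixID, InstalledOn -First 10

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Smb1ServerOn    = $cfg.EnableSMB1Protocol
        Smb2ServerOn    = $cfg.EnableSMB2Protocol
        Smb1Sessions    = @($sessions    | Where-Object { $_.Dialect -like '1.*' })
        Smb1Connections = @($connections | Where-Object { $_.Dialect -like '1.*' })
        AllSessions     = @($sessions)
        Shares          = @($shares)
        RecentHotFixes  = @($hotfixes)
    }
}

$report = Get-Smb1Exposure
$report | Format-List ComputerName, Smb1ServerOn, Smb2ServerOn
$report.Smb1Sessions    | Format-Table -AutoSize
$report.Smb1Connections | Format-Table -AutoSize
$report.Shares          | Format-Table -AutoSize
$report.RecentHotFixes  | Format-Table -AutoSize

# After testing in a non-production SCADA/ADMS environment, preview the
# change without applying it (-WhatIf makes no modification):
Set-SmbServerConfiguration -EnableSMB1Protocol $false -WhatIf
```

Sessions and connections are point-in-time snapshots, so run the audit during normal operations and again during scheduled jobs such as backups or report exports to catch devices that connect only occasionally.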
For more information on the ransomware, visit Microsoft’s TechNet Blog.