Notes on Ransomware WannaCry

#see
http://unaaldia.hispasec.com/2017/05/un-ransomware-ataca-multiples-companias.html
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Block the ports 137/UDP y 138/UDP 139/TCP y 445/TCP.

#Catalog of patches
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012215

#How to disable the smbv1
http://kb.bodhost.com/steps-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-servers/
Disables the SMBv1 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

Enables the SMBv1 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto



Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s