InfoSec Handlers Diary Blog
Last Updated: 2017-05-13 23:51:27 UTC
by Guy Bruneau (Version: 3)
Microsoft released information what can be done to protect against WannaCry which includes deploying MS17-010 if not already done (March patch release), update Windows Defender (updated 12 May) and if not using SMBv1 to disable it available here.
Microsoft has provided a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.
Note: If you are running Windows 10, you are not targeted by this attack.
A live map of the infection is available here.
Update 1: There is additional information including hashed, C&C sites as well as the file type it will encrypt and samples located here. US-CERT released the following information of Indicators Associated With WannaCry Ransomware here.
Update 2: There are reports that indicate that WannaCry VERSION 2 has been released and the kill switch that had been activated by a security researcher has been removed. If you haven’t already applied MS17-010 and blocked inbound SMB traffic, you can still fall victim of this Ransomware.