Product Pack containing several questions and actions for the identification and removal of the Wanna Cry 2.0 ransomware attack, which broke out on May 12th 2017.
Scenario
In case of a Wanna Cry outbreak, an organization can:
1) List devices infected by WannaCry2.0
2) Disable SMBv1
3) Provide patching data relevant to the WannaCry2 ransomware
4) Risk Assessment for Wanna Cry 2.
Known Issues / Additional Notes
Info
- Status: Verified
- Author: 1E Product Pack Team
- Category: Security
- Tags: attack, infection, malware, ransomware, risk, risk assessment, Security, SMB
- Added: 2 years ago
- Last Updated: 3 weeks ago
- Downloads: 31
- Compatibility:
  Platform - v8.1, v8.0, v5.2, v5.1
  OS Supported - Microsoft Windows 10, 8.1, 7
Components
1E-Exchange-WannaCry-SMBv1RegCheck
Description
WannaCry2 leverages SMB1 to propagate. This instruction highlights potentially vulnerable devices. It shows the status of SMBv1 and whether a reboot is required.
Readable Payload
Risk Assessment for WannaCry 2.0: Provides information on SMBv1 status and device reboot status
1E-Exchange-WannaCry-RestartNow
Description
Restarts the device immediately after disabling SMB v1 or installing relevant patches. This should only be used on devices that need to be restarted immediately.
Readable Payload
Prevent WannaCry 2.0: Restart computer immediately after disabling SMB v1 or installing relevant patches