The leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry ransomware attack that started on May 12, 2017.

This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but also, should serve as a wake-up call for those running out of date software and systems.

NNT guidance is to ensure latest MS Patches are applied to all systems at all times – MS have now released patches for all Windows platforms including the officially unsupported Windows XP operating system - see https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

We also advise removing SMB V1 completely from any system and the report here will verify that this is indeed the case – the report will check for the existence of Registry Key and verify that it is set to 0 / Disabled

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1

Once you've downloaded the report, follow these instructions: 

To upload the SMB Compliance Report to Change Tracker after downloading it from the link above, log into you change tracker console and click on the “Settings” Tile – then, look to the left and select the “Compliance Report Templates” tab. Once this comes up, click on “Upload Templates” and navigate to the location of the file and select it. Once selected, press the “Upload Files” button. Which should then display a progress bar.  Once this progress bar is at 100%, continue to the next step.

Finally, assign the Compliance Report Template you have just uploaded to run on the desired group on a schedule of your liking. In our case, this would be Windows devices, and we want to run this daily. On the “Settings Tile” – Click on the “Groups” tab and then select the “Windows” group. From here, on the right side of the screen, you should see various tabs related to the Windows group. Select the “Scheduled Reports” tab, and press “+ Schedule a New Report.” Upon clicking this, a pop-up box will appear asking you to first select the Compliance Report you want to run, select the SMB Report. If you want this to run immediately, do not select a Start time, and if you never want this to end, do not select and End time. Set the schedule to Daily, and leave the Pass Mark at 100%. Click the “Update” Button.

 

For any concerns or queries regarding WannaCry or EternalBlue contact This email address is being protected from spambots. You need JavaScript enabled to view it.

 

 

 

NNT has a range of training and managed service offerings to help you get the most of your solution.
Call 1-888-898-0674 or click here to request more information.

Products
USA Offices
New Net Technologies Ltd
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
emailUSinfo@nntws.com
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
emailinfo@newnettechnologies.com
NNT Newsletter
Sign up to receive our monthly newsletter covering breaking security news, how-to-tips, trends and commentary directly to your inbox.


We strongly advise NNT Customers and Partners to sign up for our Product Updates Mailing List to receive information on software updates and new product features.

Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Copyright 2017, New Net Technologies Ltd. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies Ltd.
All other product, company names and trademarks are the property of their respective owners.