A huge cyberattack in the form of Ransomware known as WannaCry, DoublePulsar, etc. are spreading quickly across the globe and affected at least 99 countries.
Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) has received victim reported that data has been encrypted by WannaCry, and attack trace has been detected in some local institutes.
This ransomware takes advantage of a Windows vulnerability MS17-010 via SMBv1. Please take immediate action to apply Microsoft Security Patch released in Mar 2017 – https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.
To save your computer from harms, please help to:
Firewall
Windows Server
Windows Client
If you are unable to install patches to any Windows machine, you can (1) turn off SMBv1 as a workaround and (2) apply patches asap.
A. 3 methods to deploy the hotfix:
You can choose any of below 3 methods to deploy ms17-010.
B. 3 Quick Workarounds about not to use SMBv1:
Since the virus is spread via SMBv1 protocol, so a quick workaround is to disable SMBv1. Here are 3 quick workarounds about not to use SMBv1. Details: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012.
ITSC has applied IP filtering to list of TOR (Threat of Release) sites. Please report to ITSC if you (or users) can’t access to any legitimate websites.
As usual, ITSC is closely monitoring all our critical systems and infrastructure to ensure healthy and clean environment.
Although no incident report has been received by ITSC, we would like you to be vigilant.
Since Petya will start data encryption after system reboot, if user found their Windows hang suddenly and reboot (like the screen below), they should:
Note : Once the encryption process is completed, the data will be unrecoverable.
Please visit here for more Information Security tips.
Initial Released on: 13 May 2017