Asocha
Cisco Employee

Unless you've been living under a rock, you've heard of the WannaCry ransomware attack that has impacted servers around the world in the last few days. Hopefully you and your customers haven't been victims of this attack. WannaCry is a ransomware program that targets Microsoft Windows operating systems. It can be spread by phishing emails, and it uses the EternalBlue exploit and DoublePulsar backdoor to spread throughout a network. Microsoft released a security fix in March of 2017 to address the issue, but (apparently) not everyone has installed it. The security patch does require a restart of the server.

Here are some useful links that can help you understand the issue and protect your systems from this attack.

Cisco has released an official PSIRT notification for WannaCry.  This is a generic notice for all Cisco products that don't support Windows auto updates.

There is a new article on TechZone that also contains similar links and information.


Both Cisco articles reference the original Microsoft security bulletin: MS17-010. This security update was provided 2 months before the WannaCry attack, so it doesn't reference WannaCry explicitly. However, WannaCry exploits a weakness in the Microsoft Server Message Block 1.0 (SMBv1) server, and this security bulletin addresses that weakness.

CCBU is exploring the feasibility of disabling SMBv1 on our servers as a short-term way to avoid WannaCry attacks without installing the security patch. No problems have been found in our initial testing. CCBU's recommendation is to apply the patch as soon as possible. As a long-term strategy, it is in your customers' best interest to regularly install Microsoft Security updates to avoid problems like WannaCry. As the old adage goes: an ounce of prevention is worth a pound of cure.
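As an added illustration of the SMBv1 mitigation discussed above (not a CCBU or Cisco procedure, and not from the original post), the following PowerShell checks whether the SMBv1 server is enabled on a Windows host and can disable it. The function names `Get-Smb1ServerState` and `Disable-Smb1Server` are hypothetical; the script assumes an elevated prompt and relies on Microsoft's `Get-SmbServerConfiguration`/`Set-SmbServerConfiguration` cmdlets where present, falling back to the `LanmanServer` registry value on older systems.

```powershell
# Added example: audit (and optionally disable) the SMBv1 server on one Windows host.
# Function names are hypothetical. Run from an elevated PowerShell prompt.
function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later provide the SMB configuration cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
        return New-Object PSObject -Property @{ Source = 'Cmdlet'; Smb1Enabled = $enabled }
    }
    # Older systems (Windows 7 / Server 2008 R2): read the LanmanServer registry value.
    # A missing SMB1 value means the default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $enabled = ($null -eq $val) -or ($val -ne 0)
    return New-Object PSObject -Property @{ Source = 'Registry'; Smb1Enabled = $enabled }
}

function Disable-Smb1Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $state = Get-Smb1ServerState
    if (-not $state.Smb1Enabled) {
        Write-Output 'SMBv1 server is already disabled.'
        return
    }
    # Honors -WhatIf / -Confirm so the change can be reviewed before it is made.
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server')) { return }
    if ($state.Source -eq 'Cmdlet') {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
        Write-Warning 'The registry change takes effect after a restart.'
    }
}

Get-Smb1ServerState          # report the current state
Disable-Smb1Server -WhatIf   # dry run; remove -WhatIf to apply the change
```

Test any client or application that still depends on SMBv1 before applying this broadly; it is a stopgap, and MS17-010 should still be installed.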
