

IMP : Windows Vulnerability - WannaCry


#1 Guest_Kayalvizhi Subramaniam_*


Posted 15 May 2017 - 12:02 PM

What is Ransomware?


Ransomware is malicious software that encrypts files and locks devices, such as a computer, tablet or smartphone, and then demands a ransom to unlock them. Recently, a dangerous ransomware named 'WannaCry' has been affecting devices worldwide, creating the biggest ransomware attack the world has ever seen.


What is WannaCry Ransomware?


WannaCry ransomware attacks Windows-based machines. It also goes by the names WannaCrypt, WannaCry, WanaCrypt0r, WCrypt and WCRY. It leverages an SMB exploit in Windows machines called EternalBlue to attack and inject the malware. All versions of Windows before Windows 10 are vulnerable to this attack if not patched for MS17-010. After a system is affected, it encrypts files and shows a pop-up with a countdown and instructions on how to pay the $300 in bitcoins to decrypt and get back the original files. If the ransom is not paid in 3 days, the ransom amount increases to $600, and it threatens to wipe all of the user's data. It also installs the DOUBLEPULSAR backdoor on the machine.


How does it spread?


It uses EternalBlue (MS17-010) to propagate. The ransomware spreads when users click on links and download malicious files over the internet and email. It is also capable of automatically spreading itself across a network by means of a vulnerability in Windows SMB. It scans the network for specific ports, searches for the vulnerability and then exploits it to inject the malware into the new machine, and thus it spreads widely across the network.


What can you do to prevent infection?

  • Microsoft has released a Windows security patch MS17-010 for Windows machines. This needs to be applied immediately and urgently.

  • Remove Windows NT4, Windows 2000 and Windows XP-2003 from production environments.

  • Block ports 139, 445 and 3389 in firewall.

  • Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.

  • SMB is enabled by default on Windows. Disable the SMB service on the machine by going to Settings > uncheck the settings > OK

  • Make sure your software is up-to-date.

  • Have a pop-up blocker running on your web browser.

  • Regularly back up your files.

  • Install a good antivirus and a good anti-ransomware product for better security.

What are we doing on our Windows shared servers?


We are already in the phase of applying Windows updates on all our shared hosting Windows servers. However, we need to reboot the servers in order to apply those security patches. We shall announce the schedule for the server reboots in this thread shortly.


What do you need to do in the case of our Windows dedicated servers?


You need to patch the Windows dedicated server immediately using the steps mentioned in this link: https://goo.gl/PYIEis

In addition to this, please block the IP addresses, domains and file names mentioned in this link: https://goo.gl/JsSo0v

You can also refer to the following links to apply the necessary fix.


https://technet.micr...curity/MS17-010

https://technet.micr...y/ms17-010.aspx

https://support.micr...p/4013389/title

For dedicated servers, once you have applied the necessary changes, you need to reboot the server.


Please feel free to contact our support desk if you have any questions.
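
The post above describes the worm scanning the network over SMB before exploiting MS17-010. As an added example (not part of the original post or the host's own tooling), the following Python flags that behaviour in flow logs: one source contacting many distinct hosts on ports 139/445 within a short window. The log format, addresses, threshold and window are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}  # SMB/NetBIOS ports from the post's block list

def constructed_flows():
    """Build constructed sample flow lines: '<iso-time> <src> <dst> <dst-port>'."""
    t0 = datetime(2017, 5, 15, 12, 0, 0)
    rows = []
    # 10.0.0.5 touches eight hosts on 445 within eight seconds: worm-like sweep
    rows += [(t0 + timedelta(seconds=i), "10.0.0.5", f"10.0.0.{20 + i}", 445) for i in range(8)]
    # 10.0.0.7 reaches six file servers, ten minutes apart: ordinary usage
    rows += [(t0 + timedelta(minutes=10 * i), "10.0.0.7", f"10.0.0.{40 + i}", 445) for i in range(6)]
    # 10.0.0.9 opens many HTTPS connections: not an SMB port, ignored
    rows += [(t0 + timedelta(seconds=i), "10.0.0.9", f"10.0.1.{i}", 443) for i in range(10)]
    # ten clients talk to one file server: fan-in, not fan-out
    rows += [(t0 + timedelta(seconds=i), f"10.0.2.{i}", "10.0.0.10", 445) for i in range(10)]
    return "\n".join(f"{t.isoformat()} {s} {d} {p}" for t, s, d, p in rows)

SAMPLE_FLOWS = constructed_flows()

def parse_flow(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout_sources(flow_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source: peak count of distinct SMB destinations inside any
    window} for every source whose peak reaches the threshold."""
    recent = defaultdict(deque)  # source -> (timestamp, destination) in window
    peak = defaultdict(int)
    flows = sorted(parse_flow(l) for l in flow_text.splitlines() if l.strip())
    for ts, src, dst, port in flows:
        if port not in SMB_PORTS:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:  # drop entries older than the window
            seen.popleft()
        peak[src] = max(peak[src], len({d for _, d in seen}))
    return {s: n for s, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for source, count in smb_fanout_sources(SAMPLE_FLOWS).items():
        print(f"{source} contacted {count} hosts on SMB ports within 60 s")
```

Hosts that legitimately contact many machines over SMB, such as backup or management servers, need an allow-list before alerting on this.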



#2 Guest_Kayalvizhi Subramaniam_*


Posted 15 May 2017 - 12:21 PM

UPDATE:

The server reboot schedule is as follows:

| Server Name | Time |
| --- | --- |
| md-plesk-web6.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| mdus-pp-wb13.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| sdin-pp-wb4.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| bh-plesk-web6.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| plesk-web23.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| mdla-pp-wb1.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| Plesk-web25.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| bhin-pp-wb2.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| bhin-pp-wb3.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| sdin-pp-wb2.webhostbox.net | Monday 15th May 5:30 PM - 6:00 PM IST |
| plesk-web13.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| plesk-web15.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| md-plesk-web1.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| bhin-pp-wb1.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| plesk-web16.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| mdcn-pp-wb1.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| Plesk-web8.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| sdin-pp-wb1.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| Plesk-web19.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| Plesk-web11.webhostbox.net | Monday 15th May 6:30 PM - 7:00 PM IST |
| sdin-pp-wb3.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| plesk-web2.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| plesk-web14.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| md-plesk-web8.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| bh-plesk-web1.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| plesk-web17.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| plesk-web9.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| plesk-web6.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| plesk-web24.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| plesk-web10.webhostbox.net | Monday 15th May 7:00 PM - 7:30 PM IST |
| plesk-web4.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| plesk-web18.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| md-plesk-web3.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| bh-plesk-web2.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| bhus-pp-wb7.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| bh-plesk-web5.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| plesk-web1.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| bh-plesk-web3.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| mdus-pp-wb10.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| mdus-pp-wb11.webhostbox.net | Monday 15th May 7:30 PM - 8:00 PM IST |
| mdus-pp-wb14.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| ddmdus-pp-wb2.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| md-plesk-web7.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| md-plesk-web9.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| mdhk-pp-wb1.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| plesk-web3.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| plesk-web12.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| plesk-web7.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| mdus-pp-wb12.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| bh-plesk-web4.webhostbox.net | Monday 15th May 8:00 PM - 8:30 PM IST |
| mdin-pp-wb3.webhostbox.net | Monday 15th May 8:30 PM - 9:00 PM IST |
| mdin-pp-wb1.webhostbox.net | Monday 15th May 8:30 PM - 9:00 PM IST |
| plesk-web20.webhostbox.net | Monday 15th May 8:30 PM - 9:00 PM IST |
| plesk-web5.webhostbox.net | Monday 15th May 8:30 PM - 9:00 PM IST |
| mdin-pp-wb4.webhotbox.net | Monday 15th May 8:30 PM - 9:00 PM IST |
| plesk-web22.webhostbox.net | Monday 15th May 8:30 PM - 9:00 PM IST |
| sdla-pp-wb1.webhostbox.net | Monday 15th May 8:30 PM - 9:00 PM IST |
| mdin-pp-wb5.webhostbox.net | Monday 15th May 8:30 PM - 9:00 PM IST |




#3 Guest_ashish.s_*


Posted 16 May 2017 - 09:46 AM

All shared servers were rebooted as per the aforementioned schedule. In continuation of our efforts to safeguard our servers from the WannaCry ransomware, we will be patching the following MSSQL servers today as per the schedule provided below:

| Server Name | Time |
| --- | --- |
| sdin-pp-mssql1.webhostbox.net | Tuesday 16th May 04:00 - 05:00 PM IST |
| mdin-pp-mssql1.webhostbox.net | Tuesday 16th May 05:00 - 06:00 PM IST |
| bhin-pp-mssql1.webhostbox.net | Tuesday 16th May 06:00 - 07:00 PM IST |
| plesk-mssql1.webhostbox.net | Tuesday 16th May 07:00 - 08:00 PM IST |
| plesk-mssql2.webhostbox.net | Tuesday 16th May 08:00 - 09:00 PM IST |
| plesk-mssql3.webhostbox.net | Tuesday 16th May 09:00 - 10:00 PM IST |
| bh-plesk-mssql1.webhostbox.net | Tuesday 16th May 10:00 - 11:00 PM IST |
| md-plesk-mssql1.webhostbox.net | Tuesday 16th May 10:00 - 11:00 PM IST |


Please note that all websites using the above mentioned servers as their database server will be affected. Feel free to contact our support desk if you have any questions.

 



#4 Guest_dennis.v_*


Posted 17 May 2017 - 01:52 AM

All MSSQL servers have been rebooted as per the aforementioned schedule. 

 

Feel free to contact our support desk if you have any questions.





