Last updated on Jun 29, 2017
After this weekend’s latest ransomware attack, here is a quick way to find all those “Windows XP” machines still running in your environment.
What is WannaCry?
This malware exploits a vulnerability in Microsoft’s Windows operating system that allows it to spread automatically across networks, which gives it the ability to quickly infect large numbers of machines on the same network.
This malware modifies files in the /Windows and /windows/system32 directories and enumerates other users on the network to infect. Both of these actions require administrative privileges.
One component of the ransomware spreads laterally, potentially via SMB shares or by leveraging a recent Microsoft bug. The ransomware could have taken advantage of the SMB bug that Microsoft addressed on March 14.
We strongly recommend confirming the following:
- Make sure all Windows PCs have been patched against the SMB vulnerabilities addressed by MS17-010. Refer to the link below:
- https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Make sure the anti-virus solution on every system is updated.
- Inspect your systems, mail gateway, and servers for any trace of this malware, and isolate from your network any machine you suspect is infected.
What does the ransomware look like?
Here is a picture of a computer infected by the Ransomware.
To find all Windows XP machines run the following PowerShell OneLiner:
Get-ADComputer -Filter {OperatingSystem -like "*xp*"} -Properties OperatingSystem | Select-Object Name, OperatingSystem | Sort-Object Name
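The one-liner above lists every matching computer object, including stale accounts for machines that left the network long ago. The following added example (not part of the original post) goes a step further by matching several legacy OS names and flagging which objects are enabled and recently seen; the function name `Select-LegacyWindows`, the pattern list, the 90-day threshold and the sample objects are assumptions made for illustration.

```powershell
# Added example, not from the original post. Select-LegacyWindows is a hypothetical helper.
function Select-LegacyWindows {
    param(
        [Parameter(ValueFromPipeline)] $Computer,
        # OS name patterns to report; assumed list, adjust to your environment.
        [string[]]$OsPattern = @('*XP*', '*Server 2003*', '*2000*'),
        # Objects with no logon inside this window are treated as stale (assumed threshold).
        [int]$StaleDays = 90
    )
    begin { $cutoff = (Get-Date).AddDays(-$StaleDays) }
    process {
        $os = $Computer.OperatingSystem
        # Objects with an empty OperatingSystem attribute cannot be classified here.
        if (-not $os) { return }
        if (-not ($OsPattern | Where-Object { $os -like $_ })) { return }
        [pscustomobject]@{
            Name            = $Computer.Name
            OperatingSystem = $os
            Enabled         = $Computer.Enabled
            LastLogonDate   = $Computer.LastLogonDate
            # Enabled and logged on recently: most likely still on the network.
            LikelyActive    = [bool]($Computer.Enabled -and $Computer.LastLogonDate -and
                                     $Computer.LastLogonDate -gt $cutoff)
        }
    }
}

# Constructed sample objects standing in for Get-ADComputer output, so this runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'PC-LAB-01'; OperatingSystem = 'Windows XP Professional'
                       Enabled = $true;  LastLogonDate = (Get-Date).AddDays(-3) }
    [pscustomobject]@{ Name = 'PC-OLD-07'; OperatingSystem = 'Windows XP Professional'
                       Enabled = $true;  LastLogonDate = (Get-Date).AddDays(-400) }
    [pscustomobject]@{ Name = 'SRV-FILE2'; OperatingSystem = 'Windows Server 2003'
                       Enabled = $false; LastLogonDate = (Get-Date).AddDays(-10) }
    [pscustomobject]@{ Name = 'PC-HR-12';  OperatingSystem = 'Windows 10 Enterprise'
                       Enabled = $true;  LastLogonDate = (Get-Date).AddDays(-1) }
)

$sample | Select-LegacyWindows |
    Sort-Object @{ Expression = 'LikelyActive'; Descending = $true }, Name |
    Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate | Select-LegacyWindows
```

Rows with LikelyActive set to True are the ones to patch or isolate first; the rest are candidates for cleanup of stale computer accounts.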
#ThatLazyAdmin