Vulnerability category: Backdoors and trojan horses
Vulnerability severity:
Vulnerability information
WannaCrypt/WannaCry/Wanna Decryptor is a ransomware worm that is reportedly spreading by exploiting a flaw in SMB. The spreading mechanism is said to be based on the ETERNALBLUE exploit released by Shadow Brokers. Microsoft addressed this vulnerability in MS17-010.
QID Detection Logic (Authenticated):
This authenticated detection works by checking for the presence of a registry key and a few files that are found on a system post infection.
Impact
Systems infected by this malware will have their files encrypted and rendered unusable until the victim pays a ransom in Bitcoin to an anonymous party. The ransom value then rises considerably after a few days. If no ransom is paid, the user's files might be deleted.
Solution
N/A
Workaround:
1. Customers are advised to install MS17-010 on supported operating systems.
2. In case customers have systems that are not supported by Microsoft, they are advised to block public internet SMB access on TCP port 445.