Back
Featured image of post Why is patching still so important to mitigate WannaCry

Why is patching still so important to mitigate WannaCry

Many think it is safe now, because someone found a kill-switch. That is wrong, totally wrong!

The WannaCry wave is not over. some even talk about a newer version that seems to have another password an doesn’t use the known kill-switch. But it looks like these derivates are using the same way (SMBv1 Vulnerability) to redistribute there self.

And another thing to keep in mind: The attack happened on the weekend… Many computers in big companies might be turned of. What if they are turned on on Monday, in a network where already infected computers are?

Not patching a system and even leave SMBv1 turned on is a big risk. In my opinion to many companies ignored the well known Vulnerability. Even worst if you think you shouldn’t do something now!

If you really need SMBv1, I had a very old NAS Server that only support it, please do yourself a favor and patch you systems. All of them! And you really should think about an alternative, by dropping such old devices.

I still see much more Netbios traffic on our external Firewalls since the WannaCry wave started. Even now. The traffic is still about 20% higher then normal. And I doesn’t even understand why there is any Netbios traffic on the Internet! Every well configured firewall should block it, in booth directions!

My advice is crystal clear: Check all your systems and patch all of them!

The reason why guys like me posted all the stuff over the weekend, even after the Kill-Switch was announced!