On 13th May 2017, seemingly from out of nowhere, and with no warning, new ransomware called WannaCrypt infected computers worldwide.
WannaCrypt spread like wildfire, worming its way from machine to machine by exploiting a networking vulnerability that Microsoft had patched back in February.
WannaCrypt infected thousands of computers, and some extremely high-profile targets were hit.
Known victims included:
- Russia's Ministry of Internal Affairs - reported more than 1,000 infections.
- The U.K.'s National Health Service - had to put life-saving surgeries on hold.
- Telefonica - the Spanish telecom giant sent employees home after the infection tore through its offices.
The question on many people's lips was: how did the malware manage to spread if Microsoft had already shipped a Windows update that fixed the vulnerability WannaCrypt was exploiting?
The answer is that not everyone installs those updates in a timely manner. In corporate and government environments, for example, updates are often delayed for an extended period of time.
Microsoft took the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. PCs running Windows 10 were not targeted by the attack.
You can review the full Microsoft KB and article here.
Using out-of-the-box functionality, Atera helps you minimize the risk of exposure to WannaCrypt and protect your customers.
What do I need to do in Atera?
Atera makes it simple to follow the steps below to deploy base KB 2919355. Then install the relevant KB(s) for your Windows operating system(s) by following the same process. Please be aware that Microsoft has released a number of cumulative patches that already include the relevant patches and should provide sufficient protection if already installed. The cumulative updates are KB4016871 (1703), KB4019472 (1607), KB4019473 (1511), KB4019474 (RTM) for each Windows version.
For more information on working with the Patch Search and Deploy report see the KB.
|Operating System||KBs to be installed|
|Windows Vista (all editions)||Windows6.0-KB4012598-x86.msu|
|Windows Server 2008 (all editions)||Windows6.0-KB4012598-x86.msu|
|Windows 7 (all editions)||Windows6.1-KB4012212-x64.msu|
|Windows Server 2008 R2 (all editions)||Windows6.1-KB4012212-x64.msu|
|Windows 8.1 (all editions)||Windows8.1-KB4012213-x64.msu|
|Windows RT 8.1 (all editions)||The 4012216 monthly rollup update is available via Windows Update only.|
|Windows Server 2012 and Windows Server 2012 R2 (all editions)||Windows8-RT-KB4012214-x64.msu|
|Windows 10 (all editions)||Windows10.0-KB4012606-x64.msu|
|Windows Server 2016 (all editions)||Windows10.0-KB4013429-x64.msu|
1. From the left-hand panel click Reports
2. Then click Monitoring > Patch Search Dashboard
The Patch Search Dashboard page displays.
3. Select the report criteria:
4. Click Generate
The report generates and displays. This may take a few seconds depending on the amount of data.
5. Click Not Installed to refresh the report to show only Agents that do not have KB 2919355 installed.
6. Select the Agent Name(s) with Not Installed patches using the checkboxes, or use Select All. Then click Install.
A confirmation message displays.
The patches will be installed immediately if the Agent is currently online. If the Agent is offline, installation will commence when the Agent status changes to 'Online'.
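To spot-check a single machine after deployment, the KB numbers from the table and the cumulative-update list above can be compared against what Windows reports as installed. This is an added example, not Atera or Microsoft code; the function name `Test-WannaCryptPatch` and its status strings are hypothetical, and it assumes Windows PowerShell with WMI access to the target.

```powershell
# Added example: not Atera or Microsoft code. KB numbers come from the table
# and the cumulative-update list in this article; the keys are Windows
# major.minor version numbers.
$KbByOsVersion = @{
    '6.0'  = @('KB4012598')                            # Vista, Server 2008
    '6.1'  = @('KB4012212')                            # 7, Server 2008 R2
    '6.2'  = @('KB4012214')                            # Server 2012
    '6.3'  = @('KB4012213', 'KB4012214', 'KB4012216')  # 8.1, RT 8.1, Server 2012 R2
    '10.0' = @('KB4012606', 'KB4013429',               # 10, Server 2016
               'KB4016871', 'KB4019472', 'KB4019473', 'KB4019474')  # cumulative
}

function Test-WannaCryptPatch {   # hypothetical helper name
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Work out which row of the table applies to this machine.
    $os  = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName
    $ver = $os.Version.Split('.')
    $key = '{0}.{1}' -f $ver[0], $ver[1]
    $expected = $KbByOsVersion[$key]

    # Get-HotFix reads Win32_QuickFixEngineering, which does not list every update.
    $installed = @(Get-HotFix -ComputerName $ComputerName |
                   ForEach-Object { $_.HotFixID })
    $found = @($installed | Where-Object { $expected -contains $_ })

    if (-not $expected)   { $status = 'NoKbListedForThisOs' }
    elseif ($found.Count) { $status = 'Patched' }
    else                  { $status = 'ReviewNeeded' }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        OS           = $os.Caption
        Version      = $os.Version
        Status       = $status
        MatchedKBs   = $found -join ', '
    }
}

# Check the local machine; pass -ComputerName to query another host.
Test-WannaCryptPatch | Format-List
```

A `ReviewNeeded` result means none of the KBs listed in this article were found, not that the machine is exposed: a later cumulative update that includes the fix carries a different KB number.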