We are here to help!

Find new ways to use Atera, Ask us anything.

Follow

WannaCrypt / WannaCry Ransomware Cyberattack Preventative measures

What happened?

 

On 13th May 2017, seemingly from out of nowhere, and with no warning, new ransomware called WannaCrypt infected computers worldwide.

 

wannacrypt.jpg

 

WannaCrypt spread like wildfire, worming its way from machine to machine by exploiting a networking vulnerability that Microsoft had patched back in February. 

WannaCrypt infected thousands of computers, and some extremely high-profile targets were hit.

Known victims included:

  • Russia's Ministry of Internal Affairs - reported more than 1,000 infections.
  • The U.K.'s National Health Service - had to put life-saving surgeries on hold.
  • Telefonica - the Spanish telecom giant sent employees home after the infection tore through its offices.

The question on many peoples lips was how did the malware manage to spread if Microsoft had already shipped a Windows update that fixed the vulnerability WannaCrypt was exploiting?

The answer is because not everyone installs those updates in a timely manner. In corporate and government environments, for example, updates are often delayed for an extended period of time.

 

How Atera can help

 

Microsoft took the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. PCs running Windows 10 were not targeted by the attack.

You can review the full Microsoft KB and article here.

Using out of the box system functionalities, Atera helps you to minimize the risk of exposure to WannaCrypt and protect your customers. 

 

What do I need to do in Atera?

 

Atera makes it simple, follow the steps below to deploy base KB 2919355. Then install the relevant KB(s) for your Windows operating system(s) by following the same process. Please be aware that Microsoft has released a number of cumulative patches that already include the relevant patches and should provide sufficient protection if already installed. The cumulative updates are KB4016871 (1703), KB4019472 (1607), KB4019473 (1511), KB4019474 (RTM) for each Windows version.  

For more information on working with the Patch Search and Deploy report see the KB.

 

Operating System KB's to be installed
Windows Vista (all editions) Windows6.0-KB4012598-x86.msu
Windows6.0-KB4012598-x64.msu
Windows Server 2008 (all editions) Windows6.0-KB4012598-x86.msu
Windows6.0-KB4012598-x86.msu
Windows6.0-KB4012598-ia64.msu
Windows 7 (all editions) Windows6.1-KB4012212-x64.msu
Windows6.1-KB4012215-x64.msu
Windows Server 2008 R2 (all editions) Windows6.1-KB4012212-x64.msu
Windows6.1-KB4012215-x64.msu
Windows 8.1 (all editions) Windows8.1-KB4012213-x64.msu
Windows8.1-KB4012216-x64.msu
Windows RT 8.1 (all editions) The 4012216 monthly rollup update is available via Windows Update only.
Windows Server 2012 and Windows Server 2012 R2 (all editions) Windows8-RT-KB4012214-x64.msu
Windows8-RT-KB4012217-x64.msu
Windows8.1-KB4012213-x64.msu
Windows8.1-KB4012216-x64.msu
Windows 10 (all editions) Windows10.0-KB4012606-x64.msu
Windows10.0-KB4013198-x64.msu
Windows10.0-KB4013429-x64.msu
Windows Server 2016 (all editions) Windows10.0-KB4013429-x64.msu

 

 

 

 

 

 

 

 

 
1. From the left-hand panel click Reports

 

patchkb1.jpg

 

2. Then click Monitoring > Patch Search Dashboard
The Patch Search Dashboard page displays.

 

patchkb5__1_.jpg

 

3. Select the report criteria:

  • Select Customer: Choose a Customer from the drop-down list or select All.
  • Filter By: Select whether to filter the report by KB, or by Description. What you select here will update the field below.
  • KB / Description:
    • KB: Enter the KB code 2919355 , or the relevant KB for each OS version according to the table above, or the cumulative patch number.
  • Agent Types: Select from All, Desktop, Server, or Mac.
4. Click Generate
The report generates and displays. This may take a few seconds depending on the amount of data.
5. Click Not Installed to refresh the report to show only Agents that do not have KB 2919355 installed.
6. Select the Agent Names(s) with Not Installed patches using the checkboxes, or use Select All. Then click Install.
A confirmation message displays.
The patches will be installed immediately if the Agent is currently online. If the Agent is offline, installation will commence when the Agent status changes to 'Online'.

End of article. 

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request