概要

影响系统：Microsoft Windows操作系统

CVE-2017-0144

Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) vulnerability on March 14, 2017. Additionally, Microsoft released patches for Windows XP, Windows 8, and Windows Server 2003 (http://www.catalog.update.microsoft.com/search.aspx?q=kb4012598) operating systems on May 13, 2017. According to open sources, one possible infection vector is via phishing emails.

Unaffected Quantum Products

The following Quantum products are known to be unaffected by the WannaCry vulnerability.

• DXi
• Scalar Key Manager
• 标量磁带库
• Scalar LTFS
• 超级单3.
• StorNext Q-series QD/QS/QSX
• Lattus (C5, A10, S10, S20, S30)
• LTO Drives
• StorNext Software
• StorNext Appliances
• Vision
• vmPRO

Vulnerable Quantum Products

已知以下量子产品的版本容易受到vannacry的影响。

• Xcellis Application Director

  Xcellis Application Director is running Windows 2012R2. Customer is responsible for administration of Windows OS and any related Video Security Application installed. As such customer is responsible for updating Windows OS to latest patches and backing up the system.

Impact

Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including:

• temporary or permanent loss of sensitive or proprietary information,
• disruption to regular operations,
• financial losses incurred to restore systems and files, and
• potential harm to an organization’s reputation.

支付赎金并不能保证加密files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

Solution

• Recommended Steps for Prevention
• Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
  • Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
  • Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
  • Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
  • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  • 禁用通过电子邮件传输的Microsoft Office文件的宏脚本。考虑使用Office Viewer软件打开通过电子邮件传输的Microsoft Office文件而不是完整的Office套件应用程序。
• Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
• Have regular penetration tests run against the network. No less than once a year, but ideally, as often as possible/practical.
• Test your backups to ensure they work correctly upon use.

参考资料

• https://www.us-cert.gov/ncas/alerts/TA17-132A
• https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01
• https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01E

Contact Information

In US, call 800-284-5101. In Europe, call toll free +800-7826-8888 or direct +49 6131 324 185. You will need your system serial number. For additional contact information, go to//www.zjhxrs.com/serviceandsupport/get-help/index.aspx#contact-support