May 15, 2017 by Tal Widerman
The WannaCrypt Ransomware attacks that impacted customers all over the world put the spotlight on SMB formally known as CIFS.
The initial infection occurred via a Word file, which, once opened, deployed the WCRY malware. Ransomware encrypted Windows machine’s files, and then used a remote vulnerability found in outdated SMB versions (SMBv1 and SMBv2) to distribute itself to other Windows machines on the same network. Ransomware spread at an estimated rate 5 million infected emails per hour, targeting home users to corporate networks.
In hindsight, the current ransomware disaster could have been avoided. For many years Microsoft has been pleading with customers to end using the old and vulnerable SMB1 protocol and upgrade to the encrypted SMB version. In his blog post, Ned Pyle, Microsoft Principal Program Manager, has explained the SMB1 security vulnerabilities and the lack of efficiency.
A similar warning had come on March 16, 2017 from the Department of Homeland Security in a security best practice article, which had advised users and administrators to disable the SMB1 protocol completely due to its security vulnerability.
Further to the above, Kaspersky Labs has reported that SMB2 is also a source of the latest Ransomware cyber-attacks.
The best way to ensure that your customer’s or your environment stays protected is to deploy the encrypted SMB3.1.1 protocol.
As a company dedicated to advancing the latest SMB protocols, Visuality Systems offers the NQ Family of products that support the latest encrypted SMB3.1.1 protocol for all operating systems under a commercial license and 24/7 support.