ManageEngine Endpoint Central helps you protect your computers from WannaCrypt ransomware. After detecting the computers that are vulnerable, Endpoint Central lets you identify the computers that are missing critical patches and then deploy those patches immediately. You can also use Endpoint Central's firewall configuration to block the vulnerable ports and so prevent WannaCrypt from spreading across your network. WannaCrypt ransomware targets computers that are out of date, so you will have to verify that all the critical security patches are deployed on all the computers. Endpoint Central has already released the security patches below. You can now be assured that your network is secure from a WannaCrypt ransomware attack.


Which computers are targeted?

WannaCrypt ransomware is a worm that targets computers running Windows operating systems that are not up to date. Refer to this article for more details on the ransomware and its effects.

Endpoint Central has already released the following security patches.

For computers running Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 and Windows 8:

Patch ID 22058 Security Update for Windows Vista (KB4012598)
Patch ID 22059 Security Update for Windows Vista for x64-based Systems (KB4012598)
Patch ID 22060 Security Update for Windows Server 2008 (KB4012598)
Patch ID 22061 Security Update for Windows Server 2008 for x64-based Systems (KB4012598)
Patch ID 22513 Security Update for Windows XP SP3 (KB4012598)
Patch ID 22516 Security Update for Windows XP SP2 for x64-based Systems (KB4012598)
Patch ID 22514 Security Update for Windows Server 2003 (KB4012598)
Patch ID 22517 Security Update for Windows Server 2003 for x64-based Systems (KB4012598)
Patch ID 22515 Security Update for Windows 8 (KB4012598)
Patch ID 22518 Security Update for Windows 8 for x64-based Systems (KB4012598)
Patch ID 22062 March, 2017 Security Only Quality Update for Windows 7 (KB4012212)
Patch ID 22063 March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems (KB4012212)
Patch ID 22064 March, 2017 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4012212)
Patch ID 22044 March, 2017 Security Monthly Quality Rollup for Windows 7 (KB4012215)
Patch ID 22045 March, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4012215)
Patch ID 22046 March, 2017 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4012215)
Patch ID 22070 March, 2017 Security Only Quality Update for Windows Server 2012 (KB4012214)
Patch ID 22150 March, 2017 Security Monthly Quality Rollup for Windows Server 2012 (KB4012217)
Patch ID 22065 March, 2017 Security Only Quality Update for Windows 8.1 (KB4012213)
Patch ID 22066 March, 2017 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4012213)
Patch ID 22067 March, 2017 Security Only Quality Update for Windows Server 2012 R2 (KB4012213)
Patch ID 22047 March, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4012216)
Patch ID 22148 March, 2017 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4012216)
Patch ID 22149 March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
 
For computers running Windows 10:
Patch ID 22509 2017-05 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4019472) KB4013429 > KB4015438 > KB4016635 > KB4015217 > KB4019472
Patch ID 22507 2017-05 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4019472) KB4013429 > KB4015438 > KB4016635 > KB4015217 > KB4019472
Patch ID 22508 2017-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4019472) KB4013429 > KB4015438 > KB4016635 > KB4015217 > KB4019472
Patch ID 22345 Cumulative Update for Windows 10 Version 1511 (KB4019473) KB4013198 > KB4016636 > KB4015219 > KB4019473
Patch ID 22346 Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4019473) KB4013198 > KB4016636 > KB4015219 > KB4019473
Patch ID 22340 Cumulative Update for Windows 10 (KB4015221) KB4012606 > KB4016637 > KB4015221
Patch ID 22341 Cumulative Update for Windows 10 for x64-based Systems (KB4015221) KB4012606 > KB4016637 > KB4015221

 

 

How do you secure the network from WannaCrypt using Endpoint Central?

You can secure your network from WannaCrypt by following these steps:

  1. Deploy the critical patches to the respective computers
  2. Disable SMBv1 protocol

Deploying the critical patches to respective computers 

  1. Ensure that your Patch Vulnerability database is up to date. To update, click Patch Mgmt >> Update Now in the bottom left.
  2. After syncing the database, scan the managed computers. To scan, click Patch Mgmt >> Scan Systems >> Scan All.
  3. You can detect if these patches are missing by following these steps: Click Patch Mgmt >> Choose All Patches >> Choose Applicable Patches (Detailed View) >> Search 'WannaCrypt' in the Patch Description box. You can then identify the computers that are missing the critical patches or already have the patches installed on them.

Disable SMBv1 protocol

  • For computers running Windows Vista and later versions
  • For computers running Windows XP

 

For computers running Windows Vista and later versions

Disable the SMBv1 protocol on machines running Windows Vista and above using Endpoint Central by following these steps:

  1. Sync your Script Templates. To sync, click Configurations >> Script Repository >> Templates >> Sync button.
  2. Add the script, "WannaCry_DisableSMBV1.bat", to the repository. From the repository, deploy this script as a computer configuration to the desired target machines.
  3. Ensure that you exclude Windows XP OS in the target.
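
To confirm on a single host that the patch deployment and the SMBv1 change took effect, the following PowerShell check can be run locally. It is an added example, not part of Endpoint Central or of WannaCry_DisableSMBV1.bat; the function name Test-WannaCryptMitigation is hypothetical, the KB numbers are the ones listed on this page, and the registry values checked are the standard Windows SMBv1 settings, which this page does not confirm the script uses.

```powershell
# Added example: audit one host for the two mitigations described on this page.
# KB numbers are copied from the patch list above; for Windows 10 every KB in
# a listed supersedence chain is accepted.
$WannaCryptKBs = @(
    'KB4012598',                            # XP, Vista, 2003, 2008, 8
    'KB4012212', 'KB4012215',               # 7, Server 2008 R2
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012213', 'KB4012216',               # 8.1, Server 2012 R2
    'KB4013429', 'KB4015438', 'KB4016635', 'KB4015217', 'KB4019472',  # 10 1607, Server 2016
    'KB4013198', 'KB4016636', 'KB4015219', 'KB4019473',               # 10 1511
    'KB4012606', 'KB4016637', 'KB4015221'                             # 10 (as listed)
)

function Test-WannaCryptMitigation {   # hypothetical name
    # Installed updates whose ID matches a KB from the page. A host patched
    # only with a later cumulative update shows no match here, so treat an
    # empty result as "verify manually", not as proof of exposure.
    $found = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $WannaCryptKBs -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    # SMBv1 server: SMB1 = 0 means disabled. An absent value is reported as
    # not disabled (the default on the Windows versions this page lists).
    $srv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
        -Name SMB1 -ErrorAction SilentlyContinue
    $serverOff = ($null -ne $srv) -and ($srv.SMB1 -eq 0)

    # SMBv1 client driver: Start = 4 means the mrxsmb10 service is disabled;
    # no key at all means the driver is not installed.
    $cli = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
        -Name Start -ErrorAction SilentlyContinue
    $clientOff = ($null -eq $cli) -or ($cli.Start -eq 4)

    New-Object PSObject -Property @{
        ComputerName       = $env:COMPUTERNAME
        MatchingKBs        = ($found -join ', ')
        PatchFound         = ($found.Count -gt 0)
        Smb1ServerDisabled = $serverOff
        Smb1ClientDisabled = $clientOff
    }
}

Test-WannaCryptMitigation | Format-List
```

Both registry settings take effect only after a restart, so a freshly configured host can report SMBv1 as disabled while the protocol is still active until it reboots.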

For computers running Windows XP

Disable the vulnerable SMB ports using firewall configurations. You can create a firewall configuration and block the following vulnerable ports:

  • TCP 139
  • TCP 445
  • UDP 137
  • UDP 138

These ports can be blocked using the firewall configuration, as explained below:

  1. Open Firewall Configuration.

  2. Under Windows XP, select ON under Action on Firewall and select Block under Action on Ports. Select port 137, which needs to be blocked. Block the other ports by clicking on Add More Ports.

  3. Ensure that you have added all the vulnerable ports as shown in the screenshot below, and deploy this configuration to Windows XP machines.

You can now feel assured that your network is secure from a WannaCrypt ransomware attack.

FAQs

  • How to disable SMBv1 protocol? Disable SMBv1 protocol to prevent WannaCrypt from spreading across your network using Endpoint Central:
    Firstly, sync with your Script Repository.
    Download and run WannaCry_DisableSMBV1.bat from Script Templates
    Else, you can use firewall configurations to block vulnerable ports - TCP Ports 139 & 445, UDP Ports 137 & 138.
  • How to enable SMBv1 protocol? For enabling, you can use EnableSMBv1.bat.
  • What happens when I block these vulnerable ports? These are the ports that need to be blocked - TCP Ports 139 & 445, UDP Ports 137 & 138.
    On blocking, computers will not be able to access shared folders and other SMB services. After you patch all your systems, you can unblock these ports. For unblocking, you can use EnableSMBv1.bat.
  • What to do if the same port that is blocked is used by any other business application? Blocking is just a temporary fix to keep this attack from spreading within your network. After you patch all your systems, you can unblock these ports.
  • I only hear of XP and Vista client systems; what can/must we do for Windows 7, 8 and 10 systems? For Windows Vista and above, prevent WannaCrypt from spreading across your network by:
    1) Sync with Script Repository
    2) Download Script "WannaCry_DisableSMBV1.bat" from Script Templates
    3) Deploy this configuration as Computer configuration (Exclude Operating System Windows XP in target)
  • I have Endpoint Central 91030 and I'm unable to find the script repository option. You have to upgrade to the latest version of Endpoint Central. To upgrade, see https://www.manageengine.com/products/desktop-central/service-packs.html
  • Do I need Patch Manager Plus if I have Endpoint Central? When you have Endpoint Central, there is no need for Patch Manager Plus. Patch Manager Plus is a standalone application for patching. Endpoint Central, on the other hand, is a complete Enterprise Mobile and Device Management suite.