A huge cyberattack in the form of ransomware, known as WannaCry, DoublePulsar, etc., is spreading quickly across the globe and has affected at least 99 countries.
Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) has received victim reports that data has been encrypted by WannaCry, and attack traces have been detected in some local institutes.
WannaCry encrypts files on victims’ computers and adds a .WCRY file extension to them. Files on network drives are also affected.
Data encrypted by the ransomware will be unrecoverable.
[Reminder] The ‘System Watcher’ function should be enabled in Kaspersky anti-virus software. ‘System Watcher’ can roll back unwanted changes such as file encryption.
Ensure anti-virus software is up to date.
Back up your files regularly and keep the backups in a separate and safe place.
If you are unable to install patches on a Windows machine, you can (1) turn off SMBv1 as a workaround and (2) apply patches as soon as possible.
A. 3 methods to deploy the hotfix:
You can choose any of the 3 methods below to deploy MS17-010.
1. Use WSUS to deploy.
2. Use a GPO startup/shutdown script to deploy MS17-010 with the wusa.exe command. If you have already downloaded the .msu file, use the command below to install it. The file must be referenced by a network path.
   wusa.exe xxxx.msu /quiet
3. Use a GPO startup/shutdown script to deploy MS17-010 with the dism.exe command, if you have the .cab file. Use the command below to install it. The file must be referenced by a network path.
   DISM.exe /Online /Add-Package /PackagePath:xxx.cab
Note: you can convert a .msu file to .cab with the command below. You need to specify a new folder for the conversion result.
   expand -F:* c:\kb976571\Windows6.1-KB976571-v2-x64.msu c:\temp\976571
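The following startup script is an added example, not part of the original advisory: it combines method 2 (wusa.exe from a network path) with the SMBv1 workaround, so a machine that cannot be patched at boot is still left with SMBv1 turned off. The KB ID, share path and log location are placeholders and must be replaced with the values for your environment.

```powershell
# Added example: GPO startup script sketch. Values marked PLACEHOLDER are not from the advisory.
$KbId    = 'KB0000000'                              # PLACEHOLDER: MS17-010 KB for this OS build
$MsuPath = '\\fileserver\patches\ms17-010.msu'      # PLACEHOLDER: network path to the .msu
$LogFile = Join-Path $env:SystemRoot 'Temp\ms17-010-deploy.log'   # assumed log location

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value "$(Get-Date -Format s) $env:COMPUTERNAME $Message"
}

function Disable-Smb1Server {
    # Workaround from the advisory: turn off SMBv1 while the host is unpatched.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7 / Server 2008 R2: registry value, effective after a restart
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
    }
    Write-Log 'SMBv1 server disabled as workaround'
}

# Skip hosts that already report the update.
if (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue) {
    Write-Log "$KbId already installed"
    return
}

# If the share is unreachable, fall back to the workaround instead of doing nothing.
if (-not (Test-Path -LiteralPath $MsuPath)) {
    Write-Log "Package not reachable: $MsuPath"
    Disable-Smb1Server
    return
}

# Same command as in method 2; /norestart leaves reboot timing to the administrator.
$proc = Start-Process -FilePath 'wusa.exe' -ArgumentList "`"$MsuPath`"", '/quiet', '/norestart' -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Log "$KbId installed" }
    3010    { Write-Log "$KbId installed, reboot required" }
    2359302 { Write-Log "$KbId already installed (reported by wusa)" }
    default {
        Write-Log "wusa.exe failed with exit code $($proc.ExitCode)"
        Disable-Smb1Server
    }
}
```

On a host where a later rollup already supersedes the update, wusa.exe returns a not-applicable error and the script takes the default branch, which only disables SMBv1.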