As part of our ongoing efforts to warn the public about the Wanna Cry ransomware plague that is ravaging computer systems across the globe, the Vertical IT team is putting together educational articles such as this one to accurately describe ways you can fortify your business IT against the onslaught of pain being wielded by these criminals.


One of the defenses against Wanna Cry, suggested by many IT professionals, is disabling Server Message Block version 1 (SMBv1) in Windows and Windows Server.

Warning: We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled.

Here are the instructions from Microsoft:

How to enable or disable SMB protocols on the SMB server

Windows 8 and Windows Server 2012

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.

Notes: When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

  • To obtain the current state of the SMB server protocol configuration, run the following cmdlet:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

  • To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

  • To disable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB2Protocol $false

  • To enable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $true

  • To enable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB2Protocol $true

Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008

To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

Windows PowerShell 2.0 or a later version of PowerShell

  • To disable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

  • To disable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force

  • To enable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force

  • To enable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 -Force

Note: You must restart the computer after you make these changes.

Registry Editor

Important: This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see the following article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

To enable or disable SMBv1 on the SMB server, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled

To enable or disable SMBv2 on the SMB server, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled

How to enable or disable SMB protocols on the SMB client

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012

Note: When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

  • To disable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

  • To enable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto

  • To disable SMBv2 and SMBv3 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

  • To enable SMBv2 and SMBv3 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto

Notes

  • You must run these commands at an elevated command prompt.
  • You must restart the computer after you make these changes.
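
To confirm the result of the server and client steps above, the following read-only check reports whether SMBv1 is still active on either component. It is an added example, not Microsoft's or Vertical IT's code; the function name Get-Smb1Status is hypothetical, and it assumes the sc.exe settings can be read back from the Start and DependOnService values under the Services registry key. Run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of SMBv1 state (server and client components).
# Get-Smb1Status is a hypothetical helper name; nothing here changes configuration.
function Get-Smb1Status {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # --- Server component ---
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Windows Server 2012 and later: ask the SMB server directly.
        $serverSmb1 = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Vista / Server 2008 (R2): read the SMB1 registry entry.
        # A missing entry means the default applies (1 = Enabled).
        $p = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" -Name SMB1 `
                 -ErrorAction SilentlyContinue
        $serverSmb1 = if ($null -eq $p) { $true } else { $p.SMB1 -ne 0 }
    }

    # --- Client component ---
    # "sc.exe config mrxsmb10 start= disabled" is stored as Start = 4.
    $drv = Get-ItemProperty -Path "$svc\mrxsmb10" -Name Start `
               -ErrorAction SilentlyContinue
    $clientDriver = ($null -ne $drv) -and ($drv.Start -ne 4)

    # "sc.exe config lanmanworkstation depend= ..." is stored in DependOnService.
    $deps = (Get-ItemProperty -Path "$svc\LanmanWorkstation" -Name DependOnService `
                 -ErrorAction SilentlyContinue).DependOnService
    $clientDepends = @($deps) -contains 'mrxsmb10'   # case-insensitive match

    # New-Object PSObject keeps this compatible with PowerShell 2.0.
    New-Object PSObject -Property @{
        ComputerName          = $env:COMPUTERNAME
        ServerSmb1Enabled     = $serverSmb1
        ClientDriverEnabled   = $clientDriver
        ClientDependsOnSmb1   = $clientDepends
        Smb1FullyDisabled     = -not ($serverSmb1 -or $clientDriver -or $clientDepends)
    }
}

Get-Smb1Status | Format-List
```

On Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008 the values reflect the configured state, which takes effect only after the restart noted above.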

Other important safeguards against Wanna Cry ransomware include backing up all your essential files and applications, running a respected antivirus program, and being careful not to open any email attachments that are from an unknown source.

Is your business prepared? The Vertical IT cyber-security professionals are ready to help you fortify your business against this Wanna Cry ransomware onslaught.

Call us now at (888) 505-8215 or send an email to info@verticalitcorp.com for a cyber-security consultation.
