Bobcares

Secure your Windows 2003 and 2008 servers from WannaCry ransomware


WannaCry ransomware is all over the news now, causing the internet world to shake in doubt and fear. With over 200,000 computers in 150 countries affected, the damage is really widespread.

For businesses and servers that are affected by this malware, the impact of this attack is huge and can lead to loss of business. As a result, it is important to secure your servers to ensure that they keep functioning normally.

How WannaCry ransomware affects your Windows 2003 and 2008 servers

WannaCry ransomware is malware that affects all outdated Microsoft Windows servers that did not apply the critical security patch released by Microsoft in March 2017.

By encrypting the files on the infected servers, the hackers make the users unable to retrieve their data, and then demand a ransom for releasing the data back to its owners.

This ransomware spreads from one server to others in its network by using a vulnerability in the Server Message Block (SMB) implementation of Windows systems, called ETERNALBLUE.

The Server Message Block (SMB) protocol is a network file sharing protocol. Due to the security vulnerabilities in Microsoft’s implementation of the SMB protocol, it has become a primary attack vector for intrusion attempts.

The malware can spread to other servers via emails that are sent from the infected server. After infecting a system, the WannaCry ransomware displays the following screen on it:

 

[Image: WannaCry ransomware attack message]

 

WannaCry encrypts files such as commonly used Office documents, archives, media, emails, databases, encryption keys, certificates, virtual machine files and other project files.

The files are modified in bulk using a batch script and the extension ‘.WCRY’ gets appended to the end of these file names. It also leaves a file ‘!Please Read Me!.txt’, that contains details of what has happened and how to pay the ransom.

Version 2 of the WannaCry ransomware is also circulating now, and it is worse than the initial one. It is, therefore, crucial to protect your servers RIGHT NOW!

How to protect your Windows 2003 and Windows 2008 servers from WannaCry ransomware

If your servers are running Microsoft Windows Server 2003 or Windows Server 2008, or another vulnerable or outdated version, then you are at risk.

To protect your servers, it is important to perform these security measures:

  1. Microsoft has released security patches for all prominent OS versions, and the relevant security patch should be applied to your Windows 2003 and 2008 servers as early as possible.
  2. It is crucial to back up all the critical server data and store it in safer external storage.
  3. Mail servers should be secured, and all outgoing and incoming emails should be scanned for malicious attachments or viruses.
  4. Configure up-to-date anti-virus programs that are smart enough to track this malware.
  5. Scan the files on the server for WannaCry ransomware hashes and remove the ones that are affected.
  6. Secure the server files and network to protect them from hackers, and regularly audit the servers and network for any vulnerabilities.
  7. All software downloads should be monitored and controlled to prevent users from installing malicious scripts on the server.
  8. Use strong spam-filtering techniques to prevent inbound spamming, and methods to avoid email spoofing.
  9. Disable the outdated SMBv1 protocol and block incoming traffic on SMB port 445.
  10. If the server is already infected, you need to temporarily disable SMB or block SMB ports and retrieve the infected files, or even do a fresh install and restore the files from backups.
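
The on-disk indicators described earlier (the ‘.WCRY’ extension and the ‘!Please Read Me!.txt’ note) and the hash scan in step 5 can be checked together. The following Python example is added here and is not Bobcares' own code; `scan_tree`, `sha256_of` and the `known_bad_sha256` parameter are hypothetical names, and the hash set is assumed to come from your own threat-intelligence source.

```python
import hashlib
import os

# Indicators named in the article: appended extension and ransom-note file name.
ENCRYPTED_EXT = ".wcry"
RANSOM_NOTE = "!please read me!.txt"


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_tree(root, known_bad_sha256=frozenset()):
    """Return sorted (path, reason) findings under root.

    known_bad_sha256 is an assumption: hex digests taken from your own
    threat-intelligence feed; none are embedded in this example.
    """
    bad = {h.lower() for h in known_bad_sha256}
    findings = []
    # os.walk skips directories it cannot list (its default error handling).
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                findings.append((path, "encrypted-extension"))
            elif lower == RANSOM_NOTE:
                findings.append((path, "ransom-note"))
            elif bad:
                try:
                    if sha256_of(path) in bad:
                        findings.append((path, "known-bad-hash"))
                except OSError:
                    # Locked or permission-denied files are reported, not ignored.
                    findings.append((path, "unreadable"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

Files flagged as `encrypted-extension` are victim data to restore from backup, while `known-bad-hash` hits are the candidates for removal in step 5.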

Since some security patches are not available ready-made, and permanently disabling SMB can lead to functionality issues, the best strategy for your server should be chosen only with expert help.

Though Microsoft had released security patches earlier, many server owners did not apply them on their Windows 2003 and Windows 2008 servers, leaving them vulnerable to the attack.

How can we help secure your Windows 2003 and Windows 2008 servers

At Bobcares, our security experts help secure servers for web hosts by updating them with the latest security patches and hardening the network and services.

With our regular top-down security audits and multi-layered security defenses, we enable our customers’ servers to stay impenetrable against any new threats or vulnerabilities.

Some of the security measures that our 24/7 server specialists perform on our customers’ Windows 2003 and Windows 2008 servers to protect them from attacks include:

  1. Keeping the Windows server software and applications updated with the latest security patches.
  2. Disabling email spoofing with the help of RDNS (Reverse DNS), Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) tools for domains.
  3. Monitoring the server logs and processes 24/7 for any suspicious activity and taking prompt corrective actions.
  4. Restricting user privileges and application permissions to block unwanted binaries from messing up the server.
  5. Deploying web and email filters to scan and block suspicious domains and email attachments from reaching the server.
  6. Configuring the latest anti-virus and other malware scanning tools that can identify and block malicious scripts.
  7. Setting up a fool-proof backup policy for critical server data and regularly validating the data integrity.
  8. Enabling data encryption for all critical services and securing web browsers with appropriate content controls.
  9. Securing the server using firewalls, disabling unwanted ports and protocols, and segregating the network into security zones.
  10. Conducting periodic security audits and Vulnerability Assessment and Penetration Testing (VAPT) to detect any exploits.

Much like how a fort is secured by a moat, cannons, archers and steep walls, effective server security can be ensured only with multiple layers of defenses.

Bobcares helps online businesses of all sizes achieve world-class security and uptime, using tried and tested solutions. If you’d like to know how to make your Windows servers more secure, we’d be happy to talk to you.

 
