Bobcares
Client Area
Emergency Support
Server Administration

Secure your Windows 2003 and 2008 servers from WannaCry ransomware

PDF Header PDF Footer

WannaCry ransomware is all over the news now, causing the internet world to shake in doubt and fear. With over 200,000 computers in 150 countries being affected, the damage is really wide-spread.

For businesses and servers that are affected by this malware, the impact of this attack is huge and can lead to loss of business. As a result, it is important to secure your servers for ensuring their normal functioning.

How WannaCry ransomware affects your Windows 2003 and 2008 servers

WannaCry ransomware is a malware that affects all outdated Microsoft Windows servers that did not apply the critical security patch released by Microsoft in March 2017.

By encrypting the files on the infected servers, the hackers make the users unable to retrieve their data and demand ransom for releasing the data back to its owners.

This ransomware spreads from one server to others in its network, by using a vulnerability in Server Message Block (SMB) implementation of Windows systems, called ETERNALBLUE.

The Server Message Block (SMB) Protocol is a network file sharing protocol. Due to the security vulnerabilities in Microsoft’s implementation of SMB protocol, it has become a primary attack vector for intrusion attempts.

The malware can spread to other servers via emails that are sent from the infected server. After infecting, this Wannacry ransomware displays following screen on infected system:

 

wannacry-ransomware

Wannacry ransomware attack message

 

WannaCry encrypts files such as commonly used Office documents, archives, media, emails, databases, encryption keys, certificates, virtual machine fines and other project files.

The files are modified in bulk using a batch script and the extension ‘.WCRY’ gets appended to the end of these file names. It also leaves a file ‘!Please Read Me!.txt’, that contains details of what has happened and how to pay the ransom.

A version 2 of the WannaCry ransomware malware is also circulating now, which is worse than the initial one. It is, therefore, crucial to protect your servers RIGHT NOW!

[ Securing your servers doesn’t have to be hard, or costly. Get world class Server Maintenance services at $74.99/server/month ]

How to protect your Windows 2003 and Windows 2008 servers from WannaCry ransomware

If your servers are running Microsoft Windows Server 2003 or Windows Server 2008 OS, and other vulnerable or outdated versions, then you are at risk.

To protect your servers, it is important to perform these security measures:

  1. Microsoft has released the security patches for all prominent OS versions, and the relevant security patch should be applied to your Windows 2003 and 2008 servers, at the earliest.
  2. It is crucial to backup all the critical server data and store them in a safer external storage.
  3. Mail servers should be secured and all outgoing and incoming emails should be scanned for malicious attachments or viruses.
  4. Configure the updated anti-virus programs that are smart enough to track these malware.
  5. Scan the server for WANNACRY ransomware hashes in files and remove the ones that are affected.
  6. Secure the server files and network to protect it from hackers and regularly audit the servers and network for any vulnerabilities.
  7. All software downloads should be monitored and controlled to prevent users from installing malicious scripts in the server.
  8. Use strong spam-filtering techniques to prevent inbound spamming and methods to avoid email spoofing.
  9. Disable the outdated SMBv1 protocol and block incoming traffic in SMB port 445.
  10. If the server is already infected, you need to temporarily disable SMB or block SMB ports and retrieve the infected files, or even do a fresh install and restore the files from backups.

Since some security patches are not available ready-made, and permanently disabling SMB can lead to functionality issues, the best strategy for your server should be chosen only with an expert help.

Though Microsoft had released security patches earlier, many server owners missed out in applying it on their Windows 2003 and Windows 2008 servers, causing them to be vulnerable to the attack.

[ You don’t have to lose your sleep over your server security. Our server specialists secure your servers at just $44.99/hr. ]

How can we help secure your Windows 2003 and Windows 2008 servers

At Bobcares, our security experts help secure servers for web hosts by updating them with the latest security patches and hardening the network and services.

With our regular top-down security audits and multi-layered security defenses, we enable our customers’ servers to stay impenetrable against any new threats or vulnerabilities.

Some of the security measures that our 24/7 server specialists perform in our customers’ Windows 2003 and Windows 2008 servers to protect them from attacks, include:

  1. Maintaining the Windows server software and applications updated with the latest security patches.
  2. Disabling email spoofing with the help of RDNS (Reverse DNS), Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) tools for domains.
  3. Monitoring the server logs and processes 24/7 for any suspicious activity and taking prompt corrective actions.
  4. Restricting user privileges and application permissions to block unwanted binaries from messing up the server.
  5. Deploying web and email filters to scan and block suspicious domains and email attachments from reaching the server.
  6. Configuring the latest anti-virus and other malware scanning tools that can identify and block malicious scripts.
  7. Setting up a fool-proof backup policy for critical server data and regularly validate the data integrity.
  8. Enabling data encryption for all critical services and securing web browsers with appropriate content controls.
  9. Securing the server using firewalls, disabling unwanted ports and protocols and segregating network into security zones.
  10. Conducting periodic security audits and Vulnerability Assessment and Penetration Testing (VAPT) to detect any exploits.

Much like how a fort is secured by a moat, canons, archers and steep walls, effective server security can be ensured only with multiple layers of defenses.

Bobcares helps online businesses of all sizes achieve world-class security and uptime, using tried and tested solutions. If you’d like to know how to make your Windows servers more secure, we’d be happy to talk to you.

 

Related posts:

    1. The Role of Microsoft Hyper-V for Virtualization in Windows Server 2008
    2. Windows Server 2008R2 SP1 Beta – 2 new features added!
    3. Windows Server 2003 Boot Process: Common Errors & Solutions
    4. Are your servers secure against Petya Ransomware attack?

Are your servers vulnerable?

We can help you patch your servers, do a full-site security testing and secure your services from attacks.

SECURE MY WINDOWS 2003 / 2008 SERVERs

Emergency services provided at $59.99/hr


Bobcares provides Outsourced Hosting Support for online businesses. Our services include Outsourced Web Hosting Support, Outsourced Server Support, Outsourced Help Desk Support, Outsource Live Chat Support and Phone Support Services.
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Get featured on the Bobcares blog and share your expertise with a global tech audience.

WRITE FOR US
server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. The Role of Microsoft Hyper-V for Virtualization in Windows Server 2008
  2. Windows Server 2008R2 SP1 Beta – 2 new features added!
  3. Windows Server 2003 Boot Process: Common Errors & Solutions
  4. Are your servers secure against Petya Ransomware attack?

Top Categories

Speed issues driving customers away?
We’ve got your back!

OPTIMIZE TODAY

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

clarity.microsoft.com

Opt Out
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

rb2b.com

Opt Out
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF