Skip to content

Windows Vs WanaCry and How to Quickly Find those Windows XP Machines.

Last updated on Jun 29, 2017

After this weekend’s latest Ransomware attack here is a quick way to find all those “Windows XP” machines still running in your environment.

What is WanaCry ?

This malware exploits a vulnerability in Microsoft’s Windows operating system that allows it to automatically spread across networks, which gives it the ability to quickly infect large numbers of machines at the same network.

This malware modifies files in the /Windows and /windows/system32 directories and enumerates other users on the network to infect. Both of these actions require administrative privileges.”

There is a component of the ransomware that spreads laterally, could potentially be via SMB shares or leveraging a recent Microsoft bug to spread. The ransomware could have taken advantage of the bug in the SMB that addressed by Microsoft in last March 14.

Kindy  We would strongly recommend to confirm below,

  • All  system Anti-Virus solution are updated.
  • Kindly inspect your systems, mail gateway, servers for any trace of these malware, and isolate from your network in suspect of infection.

What does the Ransomware Look like ?

Here is a picture of a computer infected by the Ransomware.

To find all Windows XP machines run the following  PowerShell OneLiner:

 

#ThatLazyAdmin

Sharing is caring!

Published inAntiVirusPowerShellWindowsWindows XP

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *