Wanna cry? You won’t need to with Snow.

Document created by mark.lillywhite Employee on May 15, 2017Last modified by Dennis.Smith on May 15, 2017
Version 2Show Document
  • View in full screen mode

Unless you have your head in the sand or are in the remotest corner of the earth, you’ll have seen the devastating trail of the Wannacry ransomware as it has made its way across the globe stopping organizations in their tracks, disrupting many businesses and governmental bodies along the way.


So how can Snow help?


On the network, you’ll be checking into a patch management systems like WSUS. But for those devices beyond the corporate network it’s an unknown as to whether they have downloaded the latest patches and applied them. Remember ransom.wannacry targets a known vulnerability patched back in March with MS017-010. (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx)


Snow’s agents are capable of reporting over the internet, and our customers will be able to have visibility of those assets as well as ones on the network. And as luck would have it, our very latest Snow Inventory Agent for Windows 5.1 picks up build numbers (or roll ups) of the Windows 10 OS. This will help detect which machines have the very latest rollup applied, which includes MS017-010.


Other actions to take to detect your exposure:

  • wannacry leaves a file behind that can be detected as well as the encrypted files. You can also discover which computers have not had Patch MS17-010 applied, if not, they are vulnerable and remediation must happen fast.  
  • Specific inventory of status of the SMBv1 feature on Windows computers (this was the target for the ransom.wannacry)


Snow will be releasing inventory agent scripts specifically targeting MS17-010 within the next couple of days. Customers will be able to request this from Snow, and can use the automatic agent update functionality in Snow Inventory 5 to get this update out to the full estate. It will be able to give complete visibility of what part of your estate has the right patch applied and which devices do not have the critical patch and start to clean up what’s infected – and to begin to focus on those machines that don’t touch the network very often.


With this data collected by the agents, you will be able to quickly get the information you need to shore up your defences and take preventive steps.

12 people found this helpful