Hospitals across England hit by large-scale cyber-attack

To sysadmins stressing out on their Friday evening with unpatched systems.

Quick workaround to mitigate the attack to give you time to patch (we know, 24/7, understaffed, shitty patch OTAP...). Below is a quick workaround to almost certainly stop this attack for now. Please update asap after this. No warranty, use at own risk, etc.

Disable SMBv1 in Windows 7/2008R2 or higher

Article: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

Or alternatively:


Source: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

For client operating systems:

  • Open Control Panel, click Programs, and then click Turn Windows features on or off.
  • In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
  • Restart the system.

For server operating systems:

  • Open Server Manager and then click the Manage menu and select Remove Roles and Features.
  • In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
  • Restart the system.


PS Warning, some old software relies on SMBv1 (oldschool file sharing) and can break. Apps from the late 90s, for example, that require Opportunistic locks.

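The same workaround can be scripted for many hosts. The following is an added example, not part of the original comment: it follows the PowerShell and registry route from the Microsoft KB article linked above rather than the Control Panel steps, and it only turns off the SMBv1 server component. The function name `Disable-Smb1Server` is hypothetical; run it from an elevated prompt, and use `-WhatIf` for a dry run.

```powershell
function Disable-Smb1Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Registry value from the Microsoft KB; used on Windows 7 / Server 2008 R2,
    # which do not have the SMB configuration cmdlets.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $restart = $false

    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later: change applies without a reboot.
        $method = 'Set-SmbServerConfiguration'
        $before = (Get-SmbServerConfiguration).EnableSMB1Protocol
        if ($before -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server')) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
        $after = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    else {
        # Older systems: a missing SMB1 value means SMBv1 is enabled (the default).
        $method = 'Registry'
        $value  = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $before = ($null -eq $value) -or ($value -ne 0)
        if ($before -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Set SMB1=0 in registry')) {
            Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0 -Force
        }
        $value   = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $after   = ($null -eq $value) -or ($value -ne 0)
        # The registry change only takes effect after a restart.
        $restart = $before -and -not $after
    }

    # New-Object keeps this compatible with PowerShell 2.0 on Windows 7.
    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        Method          = $method
        Smb1Before      = $before
        Smb1After       = $after
        RestartRequired = $restart
    }
}

Disable-Smb1Server
```

Hosts that report `Smb1Before = True` are the ones to watch for breakage in the legacy software mentioned in the PS above.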