The recent ransomware attacks have had an inadvertent side effect at my home and office: they have pointed out to me how much I’m still dependent on Server Message Block v1 (SMB v1). As noted in KB2696547, Microsoft’s recommended workaround for the recent ransomware attacks is to disable SMB v1 and leave SMB v2 and SMB v3 alone unless you need to troubleshoot your security settings.
As noted in a September 2016 blog post, SMB v1 is a 30-year-old protocol that has seen better days. The recent ransomware attacks used this protocol to amplify their mayhem, and some security researchers are still unsure exactly how the initial infection took place. It’s unclear at this time whether this ransomware came through targeted email attacks (like many other ransomware attacks) or whether this was a unique attack that possibly infected a workstation, which then brought the attack into the impacted networks through some network access point previously used to bring in other worm-like attacks.
While it’s unclear how the initial infection started, it’s clear that once the infection got into the network, it relied on vulnerabilities in SMB v1 to run rampant through the network. This is why so many security sites recommended disabling SMB v1 as an old and out-of-date protocol.
As pointed out on the Vinransomware blog site, the best way for a consumer or home user to disable SMBv1 is through the graphical user interface.
- Click on the Search option and search for “Windows Features”
- Look for the result “Turn Windows Features on and off.”
- Look for the checked entry “SMB 1.0/CIFS File Sharing Support”
- Uncheck the box
- Reboot your computer for the change to take effect
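
For administrators who would rather script the change than click the checkbox, the same setting can be audited and applied from an elevated PowerShell prompt. This is an added example, not code from the original post or from Microsoft's article; it assumes Windows 8.1/10 or Server 2012 R2 and later, where the `SMB1Protocol` optional feature and the SMB server configuration cmdlets exist, and the `-Disable` switch and `Get-Smb1Status` function are names made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report SMBv1 state and, only when -Disable is given, turn it off.
# Assumption: Windows 8.1/10 or Server 2012 R2+; run from an elevated prompt.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Disable   # hypothetical switch: without it the script only reports
)

function Get-Smb1Status {
    # The optional feature is what the "SMB 1.0/CIFS File Sharing Support" checkbox controls.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    # Server-side protocol switches; the SMB2 setting also governs SMB3.
    $server  = Get-SmbServerConfiguration
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Smb1FeatureState  = $feature.State
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb2ServerEnabled = $server.EnableSMB2Protocol
    }
}

$before = Get-Smb1Status
$before | Format-List

# Disabling SMBv1 while SMBv2/v3 is also off leaves the host unable to serve shares.
if (-not $before.Smb2ServerEnabled) {
    Write-Warning 'SMBv2/v3 server protocol is disabled on this host; review before removing SMBv1.'
}

if ($Disable) {
    if ($before.Smb1ServerEnabled -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server protocol')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($before.Smb1FeatureState -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Remove SMB1Protocol optional feature')) {
        # -NoRestart leaves the reboot to the operator, matching the last GUI step.
        $result = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        if ($result.RestartNeeded) {
            Write-Warning 'Reboot required before SMBv1 is fully removed.'
        }
    }
    # Report the state again so the change can be confirmed.
    Get-Smb1Status | Format-List
}
```

Run it without arguments first to see which machines still have SMBv1 enabled, then again with `-Disable -WhatIf` to preview the change before applying it.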