·£¼¶¿þÀÌ °ü·ÃÇÏ¿© MS·ÎºÎÅÍ ´ëÀÀ ¹æ¹ýÀ» Àü´Þ ¹Þ¾Æ °øÀ¯ µå¸®¿À´Ï ¾÷¹«¿¡ Âü°íÇϽñ⠹ٶø´Ï´Ù.
Microsoft º¸¾È ¾÷µ¥ÀÌÆ®°¡ Àû¿ëµÇÁö ¾ÊÀº Ãë¾àÇÑ Windows ½Ã½ºÅÛÀ» °Ü³É ÇÑ ¡®WannaCry(¿ö³ÊÅ©¶óÀÌ) ·£¼¶¿þ¾î¡¯ÀÇ °ø°ÝÀÌ Àü¼¼°èÀûÀ¸·Î ÁøÇàµÇ°í ÀÖ½À´Ï´Ù.
·£¼¶¿þ¾î¶õ ÄÄÇ»ÅÍ »ç¿ëÀÚÀÇ ÆÄÀÏÀ» ÀÎÁú·Î ±ÝÀüÀ» ¿ä±¸ÇÏ´Â ¾Ç¼º ÇÁ·Î±×·¥À¸·Î ¸ö°ªÀ» ¶æÇÏ´Â ·£¼¶(Ransom)°ú ¼ÒÇÁ¿þ¾î(Software)ÀÇ ÇÕ¼º¾îÀÔ´Ï´Ù.
WannaCry ·£¼¶¿þ¾î °¨¿° ½Ã ¹®¼ ÆÄÀÏ, DBÆÄÀϵîÀ» ¾ÏÈ£ÈÇϸç, ¾ÏÈ£¸¦ Ǫ´Â ´ë°¡·Î ºñÆ® ÄÚÀÎÀ» ¿ä±¸ÇÕ´Ï´Ù.
WannaCry ·£¼¶¿þ¾î ´Â Microsoft º¸¾È ¾÷µ¥ÀÌÆ®¸¦ Àû¿ëÇÏÁö ¾ÊÀº ȯ°æÀÇ Windows Ãë¾àÁ¡À» ¾Ç¿ëÇÑ °ÍÀ¸·Î, 2017³â 3¿ù ¹ßÇ¥µÈ Microsoft º¸¾È ¾÷µ¥ÀÌÆ® [MS17-010 Microsoft Windows SMB ¼¹ö¿ë º¸¾È ¾÷µ¥ÀÌÆ®(4013389)]¿¡¼ ÀÌ¹Ì ÀÌ Ãë¾àÁ¡ÀÌ ÇØ°áµÇ¾ú½À´Ï´Ù. MS17-010 º¸¾È ¾÷µ¥ÀÌÆ® Àû¿ëÇÏ¿© °ø°ÝÀ» ¿¹¹æÇÒ ¼ö ÀÖÀ¸¸ç, ¶ÇÇÑ ÇØ´ç ¾÷µ¥ÀÌÆ®°¡ ÀÌ¹Ì Àû¿ëµÈ Windows ½Ã½ºÅÛÀº À̹ø °ø°Ý¿¡¼ ¾ÈÀüÇÕ´Ï´Ù.
¾Æ·¡ÀÇ ´ëÀÀ ¹æ¹ýÀ» Àû¿ëÇÏ¿© À̹ø ·£¼¶¿þ¾î °¨¿°À¸·Î ÀÎÇÑ ÇÇÇØ°¡ ¾øÀ¸½Ã±â¸¦ ¹Ù¶ø´Ï´Ù.
[WannaCry ·£¼¶¿þ¾î ´ëÀÀ ¹æ¹ý]
* Á¶Ä¡ ¹æ¹ý
¨ç »ç¿ëÇÏ°í ÀÖ´Â ¹é½Å ¼ÒÇÁÆ®¿þ¾î¸¦ ÃÖ½ÅÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ°í ½Ã½ºÅÛÀ» °Ë»çÇÕ´Ï´Ù.
¸¸ÀÏ ¼³Ä¡µÈ ¹é½Å ¼ÒÇÁÆ®¿þ¾î°¡ ¾ø´Ù¸é Microsoft ¹é½Å ¼ÒÇÁÆ®¿þ¾î¸¦ ÀÌ¿ëÇϽʽÿÀ.
Windows Defender ¿Í Microsoft Anti-Malware Á¦Ç°ÀÇ ÃֽŠ¿£Áø ¹öÀü 1.243.290.0 ¿¡¼ Ransom:Win32/WannaCrypt ·Î ÇØ´ç ¸È¿þ¾î°¡ Â÷´ÜµË´Ï´Ù.
- >Windows 8.1 ¹× Windows 10 : Windows Defender ÀÌ¿ë
- >Windows 7, Windows Vista: Microsoft Security Essentials ÀÌ¿ë
- >Microsoft ¹«·á PCº¸¾È °Ë»ç : Microsoft Safety Scanner ÀÌ¿ë
¨è Windows Update ¶Ç´Â WSUSµîÀ» ÀÌ¿ëÇÏ¿© ½Ã½ºÅÛÀ» ÃÖ½ÅÀ¸·Î º¸¾È ¾÷µ¥ÀÌÆ® ÇÕ´Ï´Ù.
WUÀ» »ç¿ëÇÒ ¼ö ¾ø´Â °æ¿ì, Microsoft º¸¾È ¾÷µ¥ÀÌÆ® MS17-010 ¸¦ ¼öµ¿ ¼³Ä¡ÇÕ´Ï´Ù. OSº° ¼³Ä¡ °æ·Î´Â ¾Æ·¡¿Í °°½À´Ï´Ù.
Microsoft º¸¾È °øÁö MS17-010 – ±ä±Þ Microsoft Windows SMB ¼¹ö¿ë º¸¾È ¾÷µ¥ÀÌÆ®(4013389)
https://technet.microsoft.com/ko-kr/library/security/ms17-010.aspx
¨é º¸¾È ¾÷µ¥ÀÌÆ® MS17-010À» Àû¿ëÇÒ ¼ö ¾ø´Ù¸é, ¡®Microsoft SMBv1 »ç¿ë ¾ÈÇÔ¡¯À¸·Î ¼³Á¤ÇÕ´Ï´Ù.
WannaCry ·£¼¶¿þ¾î´Â Microsoft SMBv1 ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-0145) À» ÀÌ¿ëÇÕ´Ï´Ù. ÆÐÄ¡¸¦ ¼³Ä¡ÇÏÁö ¸øÇÏ´Â °æ¿ì SMBv1 »ç¿ëÀ» ÇØÁ¦ÇÏ¿© ÀÌ Ãë¾àÁ¡ ¾Ç¿ëÀ» ÇÇÇÒ ¼ö ÀÖÀ¸³ª °¡´ÉÇÑ ºü¸¥ ½ÃÀϳ»¿¡ ÆÐÄ¡¸¦ Àû¿ëÇÒ °ÍÀ» ±ÇÀåÇÕ´Ï´Ù.
[SMBv1 »ç¿ë ¾È ÇÔ]
Windows Vista ÀÌ»óÀ» ½ÇÇàÇÏ´Â °í°´
Microsoft ±â¼ú ÀÚ·á ¹®¼ 2696547À» ÂüÁ¶ÇϽʽÿÀ.
Windows 8.1 ¶Ç´Â Windows Server 2012 R2 ÀÌ»óÀ» ½ÇÇàÇÏ´Â °í°´ÀÇ ´ë¾È ¹æ¹ý
Ŭ¶óÀ̾ðÆ® ¿î¿µ üÁ¦:
1.. >Á¦¾îÆÇÀ» ¿°í ÇÁ·Î±×·¥À» Ŭ¸¯ÇÑ ÈÄ Windows ±â´É »ç¿ë/»ç¿ë ¾È ÇÔÀ» Ŭ¸¯ÇÕ´Ï´Ù.
2.. >Windows ±â´É â¿¡¼ SMB1.0/CIFS ÆÄÀÏ °øÀ¯ Áö¿ø È®ÀζõÀÇ ¼±ÅÃÀ» ÇØÁ¦ÇÏ°í È®ÀÎÀ» Ŭ¸¯ÇØ Ã¢À» ´Ý½À´Ï´Ù.
3.. >½Ã½ºÅÛÀ» ´Ù½Ã ½ÃÀÛÇÕ´Ï´Ù.
¼¹ö ¿î¿µ üÁ¦:
4.. >¼¹ö °ü¸®ÀÚ¸¦ ¿°í °ü¸® ¸Þ´º¸¦ Ŭ¸¯ÇÑ ÈÄ ¿ªÇÒ ¹× ±â´É Á¦°Å¸¦ ¼±ÅÃÇÕ´Ï´Ù.
5.. >±â´É â¿¡¼ SMB1.0/CIFS ÆÄÀÏ °øÀ¯ Áö¿ø È®ÀζõÀÇ ¼±ÅÃÀ» ÇØÁ¦ÇÏ°í È®ÀÎÀ» Ŭ¸¯ÇØ Ã¢À» ´Ý½À´Ï´Ù.
6.. >½Ã½ºÅÛÀ» ´Ù½Ã ½ÃÀÛÇÕ´Ï´Ù.
ÇØ°á ¹æ¹ýÀÇ ¿µÇâ. ´ë»ó ½Ã½ºÅÛ¿¡¼ SMBv1 ÇÁ·ÎÅäÄÝÀÌ »ç¿ëµÇÁö ¾Êµµ·Ï ¼³Á¤µË´Ï´Ù.
ÇØ°á ¹æ¹ýÀ» ½ÇÇà Ãë¼ÒÇÏ´Â ¹æ¹ý. ¹®Á¦ ÇØ°á ´Ü°è¸¦ ´Ù½Ã ¼öÇàÇÏ¸é¼ SMB1.0/CIFS ÆÄÀÏ °øÀ¯ Áö¿ø ±â´ÉÀ» È°¼º »óÅ·Πº¹¿øÇÕ´Ï´Ù.
¨ê ³×Æ®¿öÅ© ¹æȺ® ¹× Windows ¹æȺ®À» ÀÌ¿ëÇÏ¿© SMB °ü·Ã Æ÷Æ® Â÷´Ü
- SMB °ü·Ã Æ÷Æ® : 137(UDP), 138(UDP), 139(TCP), 445(TCP)
¡Ø SMB ¼ºñ½º Æ÷Æ® Â÷´Ü ½Ã °øÀ¯ ¹× ±âŸ °ü·Ã ¼ºñ½º°¡ ÁßÁöµÉ ¼ö ÀÖÀ¸´Ï Àû¿ë Àü ¹Ýµå½Ã ¿µÇâÀÌ ¾ø´ÂÁö Á¡°ËÇϽŠÈÄ Àû¿ëÇϽñ⠹ٶø´Ï´Ù.
- °ü·Ã ¹®¼ : KB 3185535 - ƯÁ¤ ¹æȺ® Æ÷Æ®¸¦ Â÷´ÜÇÏ¿© SMB Æ®·¡ÇÈÀÌ È¸»ç ȯ°æÀ» ºüÁ®³ª°¡Áö ¸øÇϵµ·Ï Çϱâ À§ÇÑ Áöħ
WannaCry ·£¼¶¿þ¾î °¨¿°Áõ»ó
..WNCRY ÆÄÀÏÀÌ Ãß°¡µÇ¸ç, ´ÙÀ½°ú °°Àº ÆÄÀÏÀÌ Ç¥½ÃµË´Ï´Ù.
r.wnry , s.wnry, t.wnry , taskdl.exe , taskse.exe , 00000000.eky , 00000000.res , 00000000.pky , @WanaDecryptor@.exe , @Please_Read_Me@.txtm.vbs , @WanaDecryptor@.exe.lnk
Ãß°¡ Á¤º¸
Microsoft Security Response Center Blog, Customer Guidance for WannaCrypt attacks : https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Microsoft Malware Protection Center Blog, WannaCrypt ransomware worm targets out-of-date systems: https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
Microsoft º¸¾È °øÁö MS17-010 – ±ä±Þ Microsoft Windows SMB ¼¹ö¿ë º¸¾È ¾÷µ¥ÀÌÆ®(4013389) : https://technet.microsoft.com/ko-kr/library/security/ms17-010.aspx
CVE-2017-0145 | Windows SMB ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾à¼º : https://portal.msrc.microsoft.com/ko-kr/security-guidance/advisory/CVE-2017-0145