With two major ransomware outbreaks within a month, some of you may still be wondering whether your computers are vulnerable to these attacks. To help you out, Elad Erez developed an easy-to-use scanner that scans the computers on your network to detect if they are safe from ransomware.
Eternal Blues is a free ransomware vulnerability scanner that scans your network to find the blind spots that are still vulnerable to WannaCry, Petya/NotPetya, and other EternalBlue-based attacks. It’s a portable tool that you can just download and run.
Simply click the SCAN button once the tool has launched and you will immediately start to learn which of your computers are still vulnerable and which aren’t. It’s as simple as that.
Devices that are secure and not vulnerable will be labeled “No”, and those that are vulnerable will be highlighted with a “YES”. Those marked as “No Response” are inactive connections.
When you see a device labeled “YES”, immediate action is highly recommended:
- Install the MS17-010 patch from Microsoft as soon as you can.
- Disable SMBv1 if possible.
- Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445. If that’s not possible, block ports 139 and 445 at the workstation level. You may also consider disabling remote WMI and file sharing at the same time.
So, how does the tool work?
Eternal Blues checks the existence of the EternalBlue vulnerability by sending 4 crafted SMB messages.
- SMB Negotiate Protocol
- SMB Session Setup AndX Request
- SMB Tree Connect (to IPC$)
- SMB Peek Named Pipe
If the status returned is “STATUS_INSUFF_SERVER_RESOURCES” the machine doesn’t have the MS17-010 patch installed, which means that the host is vulnerable to the attack.
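The decision described above, as an added example (not code from Eternal Blues or from the original article): it parses the SMB1 header of the reply to the final Peek Named Pipe probe and maps the NT status onto the scanner's result labels. The two "patched" status codes and the `Inconclusive` label are assumptions not stated in the article, and the sample frames are constructed.

```python
import struct
from typing import Optional

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION = 0x25   # Peek Named Pipe is carried as a transaction subcommand
SMB_FLAGS_REPLY = 0x80       # set on server-to-client messages
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205
# Assumption, not stated in the article: statuses commonly returned by patched hosts.
PATCHED = {0xC0000022: "STATUS_ACCESS_DENIED", 0xC0000008: "STATUS_INVALID_HANDLE"}


def parse_smb1_reply(frame: bytes):
    """Return (command, nt_status) from one NetBIOS-framed SMB1 reply."""
    if len(frame) < 4 + 32:
        raise ValueError("frame shorter than NetBIOS header + SMB1 header")
    if frame[0] != 0 or int.from_bytes(frame[1:4], "big") != len(frame) - 4:
        raise ValueError("bad NetBIOS session header")
    smb = frame[4:]
    if smb[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB1 message")
    # Command is at offset 4, the little-endian NT status at 5..8, flags at 9.
    command, status, flags = struct.unpack_from("<BIB", smb, 4)
    if not flags & SMB_FLAGS_REPLY:
        raise ValueError("not a server reply")
    return command, status


def classify(frame: Optional[bytes]) -> str:
    """Map the reply to the final probe onto the scanner's result labels."""
    if frame is None:                      # connect or read timed out
        return "No Response"
    try:
        command, status = parse_smb1_reply(frame)
    except ValueError:
        return "Inconclusive"              # hypothetical label, not the tool's
    if command != SMB_COM_TRANSACTION:
        return "Inconclusive"
    if status == STATUS_INSUFF_SERVER_RESOURCES:
        return "YES"                       # MS17-010 patch missing
    return "No" if status in PATCHED else "Inconclusive"


def sample_reply(status: int, command: int = SMB_COM_TRANSACTION) -> bytes:
    """Constructed test frame: 32-byte SMB1 header plus an empty body."""
    header = SMB1_MAGIC + struct.pack("<BIBH", command, status, SMB_FLAGS_REPLY, 0)
    header += bytes(12) + struct.pack("<4H", 0x0800, 0xFEFF, 0x0800, 0x0040)
    smb = header + b"\x00\x00\x00"         # WordCount=0, ByteCount=0
    return struct.pack(">I", len(smb)) + smb
```

A malformed or truncated reply is reported as `Inconclusive` rather than `No`, so a parsing failure is never read as "patched".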
Again, Eternal Blues is a ransomware scanner specifically made for EternalBlue-based attacks. Therefore, it will not check for other types of ransomware. If you are still worried that your system is vulnerable to these latest attacks, Eternal Blues may help you sleep well at night.