Pharos software is not susceptible to WannaCrypt0r

Version 2

    Many of our partners and customers are understandably concerned with the stability and reliability of their infrastructure given the recent ransomware attacks. Pharos software is not susceptible to WannaCrypt0r, but we believe it's important to provide some clarifying details.

     

    Background

    Recently, a new and serious ransomware began rapidly spreading around the globe. It has various names, including Wannacry and WannaCrypt0r, and it has struck many companies and individuals. WannaCrypt0r relies on multiple SMBv1 flaws to enter and distribute itself across the internet and local networks. WannaCrypt0r encrypts files and offers to unlock them if a ransom of $300 is paid via Bitcoin. The specific SMB flaws used by Wannacrypt0r are:

     

    NVD - CVE-2017-0143

    NVD - CVE-2017-0144

    NVD - CVE-2017-0145

    NVD - CVE-2017-0146

    NVD - CVE-2017-0147

    NVD - CVE-2017-0148

     

    Patches to all these flaws have been released by Microsoft.

     

    Pharos Cloud Services

    Pharos cloud services use Windows servers (along with Linux, which is not affected by Wannacrypt0r) within Amazon Web Services (AWS). However, these services are behind firewalls and not exposed to any external connection. Also, these Windows servers have had the relevant patches applied. Lastly, the Pharos operations team strictly limit access to live cloud services, and do not permit any email applications to be run on any machine with access to cloud operations.

     

    We believe that our cloud services are fully protected from WannaCrypt0r.

     

    Pharos On-Premises Products

    Pharos develops several on-premises print management products, including Uniprint, Blueprint, MobilePrint, iMFPs, and Sentry. None of these products are natively susceptible to WannaCrypt0r. However, they all run on Windows servers so it's important to ensure your servers are protected. Because these products do not natively rely on SMBv1, they can be disabled without impacting any Pharos service (see below for instructions). Some print devices may use SMBv1 to provide services such as "Scan to folder" so you may need to check specific device models if you rely on these services.

     

    Pharos Internal IT Infrastructure

    Internally, all Pharos desktops and servers have auto-updates turned on and virus scanners installed. The rare instances where this is not possible are carefully controlled. (An example being developer snapshots of particular versions of operating systems used during development and testing.)

     

    Recommendations

    We recommend that all customers ensure that the SMB patches are applied on all Windows servers. If that is not possible immediately, then disabling SMBv1 may be a suitable temporary workaround. Also, all customers should have automatic updates enabled where possible, or a process for regular manual updates established.

     

    As always, we are happy to answer any questions you may have.

     

    - The Pharos Security Team

    pharossecurityteam@pharos.com