Ransomware: ‘WannaCry’ guidance for enterprise administrators

Summary

The UK National Cyber Security Centre (NCSC) provides pragmatic, actionable guidance for enterprise administrators to reduce the risk of being hit by the WannaCry ransomware (and similar threats). Core advice centres on applying Microsoft’s MS17-010 patch, disabling SMBv1 where patching is not possible, isolating legacy systems, and ensuring antivirus products are up to date. The guidance also explains a short-term mitigation using specific domains discovered by researchers (the “kill-switch”), and lists who to contact if an organisation is infected.

Source

Source: https://www.ncsc.gov.uk/guidance/ransomware-wannacry-guidance-enterprise-administrators-1

Key Points

  1. Apply the MS17-010 patch on supported Windows systems; if Windows Update is enabled and up to date, you should already be protected.
  2. Microsoft released out-of-band patches for legacy platforms (Windows XP, Server 2003, Windows 8) that must be installed manually.
  3. If you cannot patch, disable SMBv1 (the worm propagation vector) or block SMBv1 ports (UDP 137, 138; TCP 139, 445) at network and host firewalls.
  4. Isolate legacy or vulnerable systems using network segmentation to limit exposure and damage.
  5. Keep on-host and boundary antivirus signatures up to date; many vendors can now detect and remediate WannaCry variants.
  6. Ensure systems can resolve and connect on TCP port 80 to two researcher-discovered domains (the “kill-switch”); do not block these domains and consider local DNS entries if proxies prevent resolution.
  7. Variants may add new domains or command-and-control methods; share indicators via CiSP and follow NCSC updates.
  8. If infected, contact Action Fraud (per NCA) and consider NCSC-certified Cyber Incident Response providers; the NCA advises against paying ransoms.
  9. Refer to broader NCSC ransomware guidance and consider Cyber Essentials for baseline protection.
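
The fallback in key point 3 for a Windows host that cannot be patched, as an added PowerShell example (not NCSC or Microsoft code). The `-Apply` and `-BlockPorts` switches and the firewall rule name are hypothetical; without `-Apply` the script only reports the state of the SMBv1 server component.

```powershell
#Requires -RunAsAdministrator
# Added example. Audits SMBv1 on this host; changes are made only with -Apply.
param(
    [switch]$Apply,       # hypothetical switch: disable the SMBv1 server
    [switch]$BlockPorts   # hypothetical switch: also add inbound block rules
)

$lanman   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Example - block inbound SMB/NetBIOS'   # hypothetical rule name
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Get-Smb1ServerEnabled {
    if ($hasSmbCmdlets) {
        # Windows 8 / Server 2012 and later
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: registry value SMB1; if absent, SMBv1 is on by default
    $p = Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $p) -or ($p.SMB1 -ne 0)
}

function Disable-Smb1Server {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
        Write-Warning 'Registry change takes effect after a restart.'
    }
}

function Add-SmbBlockRules {
    # Ports from key point 3. This stops the host accepting any inbound SMB or
    # NetBIOS traffic, so do not apply it to a machine that must serve file shares.
    # The NetSecurity cmdlets used here need Windows 8 / Server 2012 or later.
    if (Get-NetFirewallRule -DisplayName "$ruleName*" -ErrorAction SilentlyContinue) { return }
    New-NetFirewallRule -DisplayName "$ruleName (TCP)" -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort 139, 445 | Out-Null
    New-NetFirewallRule -DisplayName "$ruleName (UDP)" -Direction Inbound -Action Block `
        -Protocol UDP -LocalPort 137, 138 | Out-Null
}

$enabled = Get-Smb1ServerEnabled
Write-Output ("{0}: SMBv1 server enabled = {1}" -f $env:COMPUTERNAME, $enabled)

if ($Apply -and $enabled) {
    Disable-Smb1Server
    Write-Output ("After change: SMBv1 server enabled = {0}" -f (Get-Smb1ServerEnabled))
}
if ($Apply -and $BlockPorts) { Add-SmbBlockRules }
```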

Why should I read this?

Short and blunt: if you run Windows in an enterprise, this is essential. Patch MS17-010 now or isolate legacy kit. We’ve boiled down the steps so you don’t have to trawl the full advisory in a panic—follow the checklist and reduce the chance of a costly outage.

Context and relevance

WannaCry is a high-impact example of ransomware that spreads via network vulnerabilities. The guidance highlights broader trends: the danger of unpatched or legacy systems, the importance of segmentation and up-to-date endpoint defences, and the role of information sharing (CiSP) in containing outbreaks. Organisations should treat this as part of an ongoing cyber-hygiene programme and align controls with standards such as Cyber Essentials.

If you’re infected

Contact Action Fraud (NCA) and consider engaging NCSC-certified incident responders. Do not assume paying the ransom is the right option—the NCA encourages victims not to pay. Share technical indicators with CiSP to help protect others.

Further reading

See the NCSC’s full pages on ransomware protection and the Microsoft MS17-010 bulletin and out-of-band patches for legacy OSes for implementation details.
