Disable SMBv1 to Mitigate Wannacry

Roy Ludmir
Updated on: May 21, 2025

On May 12th, a ransomware campaign named “Wannacry” spread around the world, successfully attacking organizations such as hospitals, critical government offices, manufacturers and banks.

While the ransomware itself and the phishing campaign were standard, the campaign used a sophisticated attack method that was leaked by the NSA, which led to the fast distribution of the ransomware once inside the organization. The attack uses the SMBv1 protocol, which Microsoft recommended organizations stop using about 3 years ago. As stated in a blog post we published earlier this year, Microsoft encouraged organizations to move to the newer SMB versions and harden SMBv1: https://calcomsoftware.com/disable-hardening-smbv1

During the past 6 months, a few critical vulnerabilities were found in the SMBv1 protocol, allowing remote code execution. Joining Microsoft, the US-CERT and CIS are also encouraging organizations to stop using and harden SMBv1. Although Microsoft published patches that should be implemented immediately, patching SMBv1 is a temporary solution, as this 30-year-old protocol has many vulnerabilities that are yet to be revealed, if they ever are.

Hardening SMBv1 should take place immediately and is critical for protecting the organizational network. The same exploit methodology used by the “Wannacry” campaign can be used by other attacks utilizing other/new vulnerabilities in SMBv1.

IT teams should keep in mind that there is an operational risk in disabling SMBv1, as legacy systems and applications might still use it. The usage of the SMBv1 protocol should be mapped, and all dependencies on servers must be identified before hardening. Using the Calcom Hardening Solution (CHS) learning capabilities saves time and lowers the operational risk related to hardening SMBv1. CHS learning mode provides automated usage mapping and reveals the systems and applications dependent on the protocol.
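
The map-then-harden sequence can also be done by hand with built-in Windows tooling. The script below is an added example, not part of the original article and not CalCom's product code. It assumes an elevated PowerShell session on Windows Server 2016 or later, an English-language event log (the "Client Address:" message text), and a hypothetical -Enforce switch that you pass only after the audit period.

```powershell
# Added example: audit SMBv1 usage on a server, then disable it once no clients depend on it.
# Assumptions: elevated session, Windows Server 2016 or later, English event messages.
param([switch]$Enforce)   # hypothetical switch: pass only after a full audit period

# 1. Record the current state of the SMBv1 server component.
$cfg = Get-SmbServerConfiguration
Write-Output "SMBv1 enabled: $($cfg.EnableSMB1Protocol); auditing: $($cfg.AuditSmb1Access)"

# 2. Enable auditing so every SMBv1 connection attempt is logged as event 3000.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Output 'SMBv1 auditing enabled. Let it run long enough to cover batch and monthly jobs.'
}

# 3. Map usage: list the clients that still connected with SMBv1.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'
    Id      = 3000
} -ErrorAction SilentlyContinue   # no matching events raises an error; treat as empty

$clients = $events |
    ForEach-Object { if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object Count, Name

if ($clients) {
    Write-Warning "SMBv1 is still used by $(@($clients).Count) client(s):"
    $clients | Format-Table -AutoSize
}

# 4. Harden: disable SMBv1 only when asked to and only when no dependency was observed.
if ($Enforce) {
    if ($clients) {
        Write-Warning 'Not disabling SMBv1: migrate the clients listed above first.'
    } else {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output 'SMBv1 server protocol disabled.'
    }
}
```

Run it once without -Enforce to start auditing, rerun it during the observation window to review the client list, and pass -Enforce only after the list stays empty.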

This attack is just one example out of many that organizations could avoid by implementing common hardening standards for computers.

For more information:

https://superuser.com/questions/1211055/what-is-the-implication-of-ms17-010-patch-and-smbv1-deactivation-related-to-wann
https://community.spiceworks.com/topic/1995980-smb-v1-and-wannacry-wannacrypt-expliot
https://www.scmagazine.com/no-i-dont-wannacry-and-wannacry-20/article/661490

 
