May 18, 2017
Important message from 3SI Security Systems
We are pleased to assure all of our customers that the 3SI Tracking Website (www.3sitracking.com / www.3sitracking.eu), our Corporate website (www.3sisecurity.com) and all related servers are NOT vulnerable to any impact related to the Windows “SMB” vulnerability or the “WannaCry” ransomware.
WannaCry (also known as WannaCrypt and other names) is a ransomware targeting the Microsoft Windows Operating system, seeking to exploit vulnerabilities discovered in the Server Message Block (SMB). On May 12, 2017, a large cyber-attack was launched and affected some 230,000 computers in over 150 countries. Microsoft knew of the SMB vulnerability in March 2017 and provided patches to supported software. Virtually all the vulnerability to WannaCry was caused by users relying on outdated and unsupported versions of Windows. (description abridged from Wikipedia).
Have you determined whether your environment or the services you provide are vulnerable to WannaCry?
Regarding our 3SI Tracking Website, the entire website and associated infrastructure is run on Linux and is not impacted. We do use Windows 10 and Macs for software development and the Windows 10 machines used were patched in March and again on May 10, 2017. Regarding our internal IT systems, vulnerability evaluation was completed on May 15, 2017, and patches were installed immediately.
What scanning and due diligence did you use to determine this?
The 3SI Tracking System Environment is not vulnerable to WannaCry because it is Linux-based. Even though our system has no vulnerability, we have applied patches and have run sample script tests to confirmed that the patches were effective. We continually monitor our systems and remain vigilant in preventing future vulnerability or attacks.
What about the Corporate Website?
All development and production servers have been patched and are not vulnerable.
Can I get more information?