با سلام وقت بخیر،
حدودا یک ساعت پیش ایمیل امنیتی از سمت دیتا سنتر هتزنر دریافت کردیم.
لطفا پورت 445 tcp در ورودی و خروجی سرور های ویندوز خودتون بلاک کنید.
همچنین ویندوز به آخرین نسخه آپدیت کنید.

متن ایمیل به صورت زیر می باشد :
We received a security alert from the German Federal Office for Information Security (BSI).
Please see the original report included below for details.

On 23 May 11:50, reports@reports.cert-bund.de wrote:
> Dear Sir or Madam
>
> We are writing to inform you about systems in your network
> area that have become compromised; attackers have installed
> a backdoor on these systems, which gives the attackers full
> access to the systems.
>
> On 14 March 2017, Microsoft published a security update for
> a vulerability in Microsoft Windows. The update was rated
> "critical":
> <https://technet.microsoft.com/en-us/library/security/ms17-010.aspx>
>
> When attackers make use of the vulnerability, it allows them
> to excute any codes remotely by sending specially crafted
> Microsoft Server Message Block (SMB) requests to Windows
> systems if port 445/tcp is left open and accessible to the
> internet.
>
> If systems have not yet received the above-named update,
> attackers can use the vulnerability to install a backdoor,
> through which they can gain complete access to the system.
> Ransomeware such as "WannaCry" can then enter compromised
> systems via this backdoor:
> <THIS LINK IS NOT IN ENGLISH - PLEASE ENTER SIMILAR LINK HERE!!!!>
>
> The Shadowserver Foundation (https://www.shadowserver.org)
> is now performing scans of the Internet to try to find systems
> that have been compromised with backdoors like "Wannacry". The
> Shadowserver Foundation has been sending the scan results for
> systems located in Germany to Germany's national Cyber Emergency
> Response Team (CERT), and then CERT has been informing affected
> system administrators.
>
> Below, you will find a list of affected systems in your network
> area. The timestamp (timezone UTC) tells you when Shadowserver
> identified the backdoor on the affected system.
>
> We urge you to investigate the situation and to take
> appropriate action, such as informing your customers.
>
> This email is digitally signed with PGP. You can find
> information about the key that was used for this at:
> <https://www.cert-bund.de/reports-sig>

> Kind regards
> Team CERT-Bund
>
> Bundesamt fr Sicherheit in der Informationstechnik (BSI)
> Federal Office for Information Security
> Referat CK22 - CERT-Bund
> Godesberger Allee 185-189, D-53175 Bonn, Germany