Newly identified ransomware ‘EternalRocks’ is more dangerous than ‘WannaCry’


After a host of different ransomware attacks that hit enterprises across the globe, security researchers have now identified a new strain of malware “EternalRocks” that is more dangerous than WannaCry and is potentially tougher to fight.

According to the researchers, “EternalRocks” exploits the same vulnerability in Windows that helped WannaCry spread to computers. It also uses an NSA tool known as “EternalBlue” for proliferation, Fortune reported on Sunday.

You will be shocked to know that the ‘EternalRocks’ ransomware is more dangerous than WannaCry and it is potentially tougher to fight. The new ransomware leaves computers vulnerable to remote commands that could ‘weaponise’ the infection anytime.

EternalRocks/Doomsday worm uses six/seven NSA exploits (WannaCry used two).

“…it also uses six other NSA tools, with names like EternalChampion, EternalRomance, and DoublePulsar (which is also part of WannaCry),” the report said. In its current form, “EternalRocks” does not have any malicious elements — it does not lock or corrupt files, or use compromised machines to build a botnet, but leaves infected computers vulnerable to remote commands that could ‘weaponise’ the infection at any time.

“EternalRocks” is stronger than WannaCry because it does not have any weaknesses, including the kill switch that a researcher used to help contain the ransomware. EternalBlue also uses a 24-hour activation delay to try to frustrate efforts to study it, the report noted. The last 10 days have seen a wave of cyber attacks that have rendered companies helpless around the globe.

First it was WannaCrypt or WannaCry that spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. It encrypted files on infected machines and demanded payment for unlocking them.

WannaCry had some loopholes that made it easier to slow and circumvent. After facing a massive “WannaCrypt” ransomware attack, another type of malware quietly started generating digital cash from machines it infected.

Tens of thousands of computers were affected globally by the “Adylkuzz attack”, which targeted machines, let them operate, and only slowed them down to generate digital cash, the “Monero” cryptocurrency, in the background. “Monero”, being popularised by North Korea-linked hackers, is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability.


How to disable SMBv1 in Windows 10 and Windows Server

The WannaCry/WanaCrypt0r worm exploits a vulnerability in Windows Server Message Block (SMB) version 1 (SMBv1), and it spreads like wildfire. You are urged to disable SMBv1 in your Windows version (Windows 10, 8.1, Server 2016, 2012 R2), and here is how, if you haven’t done so yet.

What is Server Message Block (SMB) in Windows?

The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.

The technical reference to CIFS is available from Microsoft Corporation at Common Internet File System (CIFS) File Access Protocol.

SMB1 is used in Windows XP and earlier (it’s nearly 30 years old!). The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008, while the SMBv3 protocol was introduced in Windows 8 and Windows Server 2012. To be blunt: SMB1 is old, not efficient, and now also vulnerable. Disable it now, stop using SMB1!

Windows 10 is not vulnerable to the WannaCry ransomware, but it’s still recommended to disable SMB1 if it’s enabled on your system.

The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.

Disable SMBv1 using PowerShell

Remember, you have the SMB Server (or service), for creating a file share, and you have an SMB client for accessing it. Here you’ll find more than one way to disable SMBv1 on both the SMB server and the SMB client.

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet.

The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.

Note: When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

Warning: Do not disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled, just SMBv1.

You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

To obtain the current state of the SMB server protocol configuration, run the following cmdlet in Windows Server 2012, 2012 R2 and Windows Server 2016 and up:

Get-SmbServerConfiguration | Select EnableSMB1Protocol

2008 R2 and below:

Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1

To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

To disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

Windows PowerShell 2.0 or a later version of PowerShell:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Or in the Registry Editor: set the following registry key SMB1 entry from 1 to 0:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Set SMB1 to 0 (disabled; the default is 1)

SMB client:
You can use the SC tool to disable the SMB v1 client:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

To disable, and gracefully remove, SMBv1 in Windows 8.1, Windows 10 (client), use the Disable-WindowsOptionalFeature cmdlet:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
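
To confirm the result of the steps above, the individual checks can be combined into one read-only audit. This is an added example, not code from the original post or from Microsoft; the function name Get-Smb1State is hypothetical, and reading the mrxsmb10 Start value (4 means disabled) and the LanmanWorkstation DependOnService value from the registry is this example's own way of verifying what the two sc.exe commands set.

```powershell
# Added example (not from the original post): read-only SMBv1 audit.
# Run from an elevated prompt. Nothing on the host is modified.
# Get-Smb1State is a hypothetical helper name.
function Get-Smb1State {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # SMB server: use the cmdlet where it exists (Windows 8 / Server 2012
    # and later), otherwise fall back to the SMB1 registry value.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $serverEnabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
        $serverSource  = 'Get-SmbServerConfiguration'
    } else {
        $p = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" -Name SMB1 -ErrorAction SilentlyContinue
        # A missing SMB1 value means the default, which is 1 (enabled).
        $serverEnabled = if ($null -eq $p) { $true } else { $p.SMB1 -ne 0 }
        $serverSource  = 'registry'
    }

    # SMB client driver: "sc.exe config mrxsmb10 start= disabled" stores Start = 4.
    # If the key is absent, the SMBv1 client driver is not installed.
    $drv = Get-ItemProperty -Path "$svc\mrxsmb10" -Name Start -ErrorAction SilentlyContinue
    $clientDriver = if ($null -eq $drv) { 'NotInstalled' } elseif ($drv.Start -eq 4) { 'Disabled' } else { 'Enabled' }

    # The first sc.exe command removes MRxSmb10 from the services that
    # LanmanWorkstation depends on; check that it is really gone.
    $wks = Get-ItemProperty -Path "$svc\LanmanWorkstation" -Name DependOnService -ErrorAction SilentlyContinue
    $dependsOnSmb1 = ($null -ne $wks) -and (@($wks.DependOnService) -contains 'MRxSmb10')

    # Optional feature (Windows 8.1 / Windows 10): Disabled here means the
    # Disable-WindowsOptionalFeature step has been applied.
    $feature = 'NotAvailable'
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            $feature = if ($null -eq $f) { 'NotPresent' } else { [string]$f.State }
        } catch {
            $feature = 'Unknown'   # for example, not elevated
        }
    }

    # One flag for fleet reporting: true while any SMBv1 component is still on.
    $anyEnabled = $serverEnabled -or ($clientDriver -eq 'Enabled') -or ($feature -eq 'Enabled')

    # New-Object keeps the function usable on PowerShell 2.0 (Windows 7 / 2008 R2).
    New-Object PSObject -Property @{
        ComputerName            = $env:COMPUTERNAME
        ServerSmb1Enabled       = $serverEnabled
        ServerCheckedVia        = $serverSource
        ClientDriverMrxsmb10    = $clientDriver
        WorkstationDependsOnSmb1 = $dependsOnSmb1
        OptionalFeatureState    = $feature
        AnySmb1ComponentEnabled = $anyEnabled
    }
}

Get-Smb1State | Format-List
```

A host is clean when AnySmb1ComponentEnabled is False and WorkstationDependsOnSmb1 is False; a driver that is disabled while the dependency is still listed means only the second sc.exe command was run.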


More information can be found on Microsoft Support and The Deprecation of SMB1 – You should be planning to get rid of this old SMB dialect.


Despite security risks, older Windows versions plague thousands of businesses.

A map showing where WannaCry ransomware was installed

After the global cyberattacks on Friday that infected hundreds of thousands of computers with the WannaCry ransomware, the blame game has begun.

Who was behind the attack? How did the NSA lose control of its hacking tools used as part of this huge ransomware attack? Should we blame Microsoft for not patching older versions of Windows that were left vulnerable to the attack?

As it happens, thousands of businesses may only have themselves to blame.

According to recently released data from IT networking site Spiceworks, about half of all businesses still have at least one computer running Windows XP, despite the aging operating system losing Microsoft security support in early 2014, more than a decade after its release.

That means for over three years, these machines haven’t been patched with the latest security updates, including the fix released in March that could’ve prevented machines from getting infected. (Following the outbreak, Microsoft released a rare, emergency out-of-support patch.)

Granted, some companies will have more machines running Windows XP and Vista, which lost support earlier this year, than others. Some businesses may rely on the aging operating system for their entire fleet of computers, whereas others may rely on one or two machines running custom-built machines, like MRI or X-ray scanners in hospitals, for example, which aren’t always connected to the internet, making them less vulnerable to malware and ransomware.

The data shows that newer operating systems that were patched prior to last week’s ransomware attacks, including Windows 7 and Windows 10, make up an 83 percent share of all business computers.

But despite the risks, Windows XP and Vista still take up a 15 percent share across the corporate world — representing hundreds of thousands of computers.

It’s worth noting that not one single set of data offers a perfectly accurate figure of how many devices are vulnerable to these kinds of mass ransomware events or other kinds of cyberattacks. Spiceworks, which has a commercial stake in the security space, says it uses inventory data to see computers that may be networked but not connected to the internet. Other sources rely on different methodologies, such as the US government’s own digital analytics service, which bases its data on visitors directly accessing government sites. It said just over 1 percent of all visitors in the past three months were running Windows XP or Vista.

The question remains: for all the benefits that software updates provide, why the apathy?

“Many companies subscribe to the theory that if it’s ‘not broke, don’t fix it,’ especially those that aren’t prioritizing IT,” said Peter Tsai, a senior technology analyst at Spiceworks. “As a result, many IT departments lack the resources and budget needed to upgrade to newer operating systems like Windows 10. It takes time to upgrade all systems in an organization and train end users on the new features and functionality.”

In all, just over half of all businesses say that there’s no need to update because the current system still works. Others cite IT pressures and lack of time, investments, or budget constraints.

Those barriers can translate into real losses. Take what happened with last week’s cyberattack. Dozens of hospitals around the UK were affected, with some forced to turn patients away. But unlike NHS trusts and hospitals in England and Scotland which suffered significantly at the hands of the ransomware attack late last week, NHS Wales wasn’t affected by the ransomware attack at all, a feat largely attributed to the fact the health system recently updated its entire network.


“Now more than ever, it’s critical for IT professionals to make a business case for more resources,” said Tsai.

If this ransomware attack has proven anything, investing in security isn’t just a good idea, it’s mission critical.


Ransomware: Researchers find evidence linking WannaCry worm to North Korean hackers


Cybersecurity researchers have found evidence they say could link North Korea with the WannaCry cyber attack that has infected more than 300,000 computers worldwide as global authorities scrambled to prevent hackers from spreading new versions of the virus.

A researcher from South Korea’s Hauri Labs said on Tuesday their own findings matched those of Symantec (SYMC.O) and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.

“It is similar to North Korea’s backdoor malicious codes,” said Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea’s hacking capabilities and advises South Korean police and the National Intelligence Service.

Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta. The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.

Damage in Asia, however, has been limited.

Vietnam’s state media said on Tuesday more than 200 computers had been affected. Taiwan Power Co. said that nearly 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.

FireEye Inc (FEYE.O), another large cyber security firm, said it was also investigating but cautious about drawing a link to North Korea.

“The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator,” FireEye researcher John Miller said.

U.S. and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.

An official at South Korea’s Korea Internet & Security Agency said on Tuesday the agency was sharing information with intelligence officials on recent cases reported for damages but was not in position to investigate the source of the attack. The official declined to comment on intelligence-related matters.

A South Korean police official who handles investigations into hacking and cyber breaches said he was aware of reports of a North Korea link but said the police were not investigating yet.

Victims haven’t requested investigations but they want their systems to be restored, the official said.

North Korea has denied being behind the Sony and banking attacks. North Korean officials were not immediately available for comment and its state media has been quiet about the matter.

Hauri researcher Choi said the code bore similarities with those allegedly used by North Korean hackers in the Sony and bank heists. He said based on his conversations with North Korean hackers, the reclusive state had been developing and testing ransomware programs since August.

In one case, alleged hackers from North Korea demanded bitcoin in exchange for client information they had stolen from a South Korean shopping mall, Choi added.

The North Korean mission to the United Nations was not immediately available for comment on Monday.

While the attacks have raised concerns for cyber authorities and end-users worldwide, they have helped cybersecurity stocks as investors bet governments and corporations will spend more to upgrade their defenses.

Cisco Systems (CSCO.O) closed up 2.3 percent on Monday and was the second-biggest gainer in the Dow Jones Industrial Average.


Customer Guidance for WannaCrypt Attacks from Microsoft

 

Dear Customer,


Many organizations around the world were victims of malicious “WannaCrypt” software last week. Seeing businesses and individuals affected by cyberattacks such as this is painful. Our teams have worked relentlessly over the last few days to take all possible actions to protect our customers.

Here are a few things for your reference:

  • If you are using Windows Vista, 7, 8.1 & 10: In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Security Update enabled are protected against attacks on this vulnerability.
    For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
  • Activate Windows Defender: For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider whether they are protected.
  • If using older version of Windows: Customers running versions of Windows that no longer receive mainstream support may not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we have released a Security Update for platforms in custom support only. Windows XP, Windows 8 and Windows Server 2003 Security Updates are broadly available for download now (see links below).
  • Additional Steps to consider: This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks). Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources.

More information on the malware is available from the Microsoft Malware Protection Center through the Windows Security blog. We are working with our customers to provide additional assistance as the situation evolves, and will update this blog with details as appropriate.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

You may also want to read through the blog posted by Brad Smith, President and Chief Legal Officer, Microsoft, looking at the broader implications of the malicious “WannaCrypt” software attack.

If you have any questions or concerns:

· Webinar: You may want to join the Webinar on Wannacry Attack Q&A, 22nd May, 11am. Join here.

· Email: Please write to us at indiasms@microsoft.com. Our team will respond to you on priority.

Thanks and regards,

Microsoft India Team

———————————————————————————–

Further resources:

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
Download localized versions for the security update for Windows XP, Windows 8 or Windows Server:
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Read general information on ransomware:
https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx
Download MS17-010 Security Update:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

FAQs:

Where can I find the official guidance from Microsoft?

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Is the update available for Windows 2003 & Windows XP as well?

Yes. The link for download of the update is available at the end of this article

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Will the update run on unlicensed Windows?

It is recommended that the update is run on a licensed version.

What about Windows 2003 R2?

The Windows 2003 update should get applied on Windows 2003 R2 as well.

Will the installation of the patch, prevent the occurrence of ransomware?

No. Applying MS17-010 is just preventing the malware from spreading, not giving protection against the infection itself. Based on reports, this malware is using Social Engineering to target companies. Please warn your users to not open, click or enable macros on email reception.

  • The priority is that your anti-virus can detect the malware.
  • Verify that you have up-to-date signatures, along with patching the Windows systems
  • Make sure that users have the level of knowledge required to never click on suspicious attachments even if they are displayed with a familiar icon (Office or PDF document). Where opening an attachment offers the execution of an application, users must under no circumstances accept the execution and, if in doubt, should consult the administrator.
  • Implementation of strong filtering in O365:

http://blogs.msdn.com/b/tzink/archive/2014/04/08/blocking-executable-content-in-Office-365-for-more-aggressive-anti-malware-protection.aspx

  • Exchange Online Protection

http://TechNet.Microsoft.com/en-us/library/jj723164(v=Exchg.150).aspx

http://TechNet.Microsoft.com/en-us/library/jj200684(v=Exchg.150).aspx

http://TechNet.Microsoft.com/en-us/library/jj723119%28V=Exchg.150%29.aspx

Security tips to Protect against Ransomware

https://social.technet.microsoft.com/wiki/contents/articles/29787.microsoft-protection-center-security-tips-to-protect-against-ransomware.aspx

Is the ransomware effective only if the user has administrative rights on the client machine?

No. This piece of ransomware, like most of others, once executed, encrypts all files it can reach in the context of a user, if the user is an admin on the box the outcome is more devastating. In addition this ransomware also tries to disable shadow copies and make some registry changes in HKLM hive which require administrative privileges.

When it tries to spread it uses a vulnerability, which once exploited gives the malware SYSTEM level access on the target system. All this means that this attack may be very successful and destructive even if the users don’t have admin privileges on their unpatched workstations/servers.

Does disabling only the SMB v1 Server (LanmanServer) on all our machines help protect us from this vulnerability?

Patch installation would be the first option. To answer the question, Yes. SMBV1 should be removed, but in a planned way. Please refer the below link

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

Do we need to disable SMB v1 client (Lanmanworkstation) as well on all our machines?

No. It is only the SMBv1 server component (which means Lanmanserver), on the client machine and not Lanmanworkstation on the client machine.

What is the impact of removing SMBv1?

  • You’re still running XP or WS2003 under a custom support agreement
  • Windows XP will not be able to access shares on a Windows 2003 Server or any other Operating System
  • Windows Vista and above Operating System will not be able to access shares on a Windows 2003 Member Server or Domain Controller (if you still have them in the environment)
  • You have some decrepit management software that demands admins browse via the ‘network neighborhood’ master browser list
  • You run old multi-function printers with antique firmware in order to “scan to share”

Please refer the below article for more details

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

If we have to disable smb v1 Server service, what are the registry values to disable it?

When using operating systems older than Windows 8.1 and Windows Server 2012 R2, you can’t remove SMB1 – but you can disable it: KB 2696547- How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012

Please refer to the below link for more details

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

How do we know SMB v1 is active in our environment.  Can we proactively check it?

Yes. Please test this, before using in the production environment.

https://blogs.technet.microsoft.com/ralphkyttle/2017/04/07/discover-smb1-in-your-environment-with-dscea/

Windows 2016 and Windows 10 provide a way to audit usage of SMBv1, which can be found here

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

Is Windows 10 affected as of now?

https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack as of now.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Customers running Windows 10 were not targeted by the attack today.

That being said, Windows 10 systems also need to be patched, because the variants can be developed. In addition to this, it would be recommended to remove SMBv1 from the clients and Windows servers, after doing a complete review of the below mentioned article.

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/


A ransomware attack is spreading worldwide, using alleged NSA exploit


A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency.

The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of their networks.

Spain’s computer response team CCN-CERT has also warned of a “massive attack” from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.

The ransomware, also known as WannaCry, works by leveraging a Windows vulnerability that came to light last month when a cache of mysterious hacking tools was leaked on the internet.

The tools, which security researchers suspect came from the NSA, include an exploit codenamed EternalBlue that makes hijacking older Windows systems easy. It specifically targets the Server Message Block (SMB) protocol in Windows, which is used for file-sharing purposes.

Microsoft has already patched the vulnerability, but only for newer Windows systems. Older ones, such as Windows Server 2003, are no longer supported, but still widely used among businesses, according to security experts.  

That may have painted a giant bullseye for hackers to target these systems. The developer of Wanna Decryptor appears to have added the suspected NSA hacking tools to the ransomware’s code, said Matthew Hickey, the director of security provider Hacker House, in an email.

Security firm Avast said it has detected the ransomware, largely attacking Russia, Ukraine, and Taiwan.

Another security research firm, MalwareTech, has created a page monitoring the attacks. They appear to have gone worldwide.

The Wanna Decryptor ransomware strikes by encrypting all the files on an infected PC, along with any other systems on the network the PC is attached to. It then demands a ransom of about $300 to $600 in bitcoin to release the files, threatening to delete them after a set period of days if the amount is not paid.

Security experts are urging organizations to patch vulnerable systems, upgrading to the latest versions of OSes, and making backups of any critical files.

Backup Backup Offline Backup.!

In the wake of the largest ransomware attack in history, which had already infected over 114,000 Windows systems worldwide in the last 24 hours, Microsoft just took an unusual step to protect its customers with out-of-date computers.


Microsoft has just released an emergency security patch update for all its unsupported versions of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008 Editions.


So, if your organization, for some reason, is still running on Windows XP or Vista, you are strongly advised to download and APPLY PATCH NOW!

 
7 Easy Steps to Protect Yourself

Currently, there is no WannaCry decryption tool or any other solution available, so users are strongly advised to follow prevention measures in order to protect themselves.

  • Keep your system Up-to-date: First of all, if you are using supported, but older versions of Windows operating system, keep your system up to date, or simply upgrade your system to Windows 10.
  • Using Unsupported Windows OS? If you are using unsupported versions of Windows, including Windows XP, Vista, Server 2003 or 2008, apply the emergency patch released by Microsoft today.
  • Enable Firewall: Enable firewall, and if it is already there, modify your firewall configurations to block access to SMB ports over the network or the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.
  • Disable SMB: Follow steps described by Microsoft to disable Server Message Block (SMB).
  • Keep your Antivirus software up-to-date: Virus definitions have already been updated to protect against this latest threat.
  • Backup Regularly: To always have a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.
  • Beware of Phishing: Always be suspicious of uninvited documents sent by email and never click on links inside those documents without verifying the source.

Again… Backup Backup… Offline Backup

WannaCry Ransomware fears: Pirated software makes us more vulnerable.

Microsoft Security Bulletin MS17-010 – Critical https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Quick Heal Bot Removal Tool http://www.quickheal.co.in/bot-removal-tool

Kaspersky Anti-Ransomware Tool for Business https://kas.pr/ransomBIZ_IN


How to Determine if Windows License Type is OEM, Retail, or Volume

When it comes to purchasing licenses for Windows there are a number of different channels that you can purchase through. The most common license types are Retail (FPP (Full Packaged Product)), OEM (Original Equipment Manufacturer), and Volume Licensing. Each Windows license type confers rights and imposes restrictions based on the Microsoft Software License Terms.

License Type: Description

Retail: This is when you buy a Full Packaged Product (FPP), commonly known as a “boxed copy”, of Windows from a retail merchant or purchase Windows online from the Microsoft Store. Product keys can be transferred to another PC.

OEM: Product keys are issued by the original equipment manufacturer (OEM) and are not-for-resale and may not be transferred to another computer. They may, however, be transferred with the computer if the computer is transferred to new ownership. If the OEM PC came preinstalled with Windows 8 or Windows 10, then the product key will be embedded in the UEFI firmware chip.

Volume: KMS Client and Volume MAK product keys are volume license keys that are not-for-resale. They are issued by organizations for use on client computers associated in some way with the organization. Volume license keys may not be transferred with the computer if the computer changes ownership. This form of licensing typically applies for business, government and educational institutions, with prices for volume licensing varying depending on the type, quantity and applicable subscription-term. A volume license key (VLK) denotes the product key used when installing software licensed in bulk, which allows a single product key to be used for multiple installations. For example, the Windows Enterprise edition is activated with a volume license key.

This tutorial will show you how to determine if your Windows is activated with a Retail, OEM, or Volume channel license type.

Here’s How:

1. Open a command prompt.

2. Type the command below into the command prompt, and press Enter.

slmgr -dli

3. After a short moment, a Windows Script Host dialog will open to show you what license type your Windows is using.

That’s it,

Enjoy.!
