Blog

wannacry ransomware

Updated: What is WannaCry Ransomware and How to Protect Against it

Category: Latest News

What is WannaCry Ransomware ? and how can i protect against it?

I am sure that you have already heard about the WannaCry Ransomware outbreak better known as WannaCry! And you are probably wondering what’s going on, who is behind this, and more importantly if your computer is secure from this threat which has hacked over 200,000 Windows PCs worldwide,  most notably Britain’s National Health Service.

So what is “WANNACRY”?

“WannaCry” is a malicious software or rather ‘ransomware’. Once it infects your computer, it will encrypt your data and demand that you pay a ransom to decrypt (unlock) your data.  The ransom amount will double if you do not pay in time.

wannacry ransom screen

How to Protect Yourself from WannaCry Ransomware?

Follow these simple tips to protect your computer against WannaCry and other ransomware, because after all most computer viruses make their way into your computer due to lack of simple security practices.

1. Make sure to always Install Security Updates

If you are using any version of Windows, except Windows 10, with SMB protocol enabled, make sure that your computer receives updates automatically from Microsoft

Microsoft has issued a patch for affected versions of Windows, to ensure the malware will not spread between fully updated versions of its operating systems.

2. Patch the SMB Vulnerability

WannaCry has been exploiting a critical SMB remote code execution vulnerability (CVE-2017-0148) for which Microsoft has already released a patch (MS17-010)

You should make sure your system has those security patches installed.

Moreover, Microsoft released the SMB patches (download from here) for its unsupported versions of Windows as well, including Windows XP, Vista, 8, Server 2003 and 2008.

Note: If you are using Windows 10 Creators Update (1703), your system is safe.

3. Disable SMB

Although the patches should fix the SMB vulnerability, it is still advised that you disable Server Message Block version 1 (SMBv1) protocol, which is enabled by default on Windows.

Here’s how to disable SMBv1:

  1. Go to Windows’ Control Panel and open ‘Programs.’
  2. Open ‘Features’ under Programs and click ‘Turn Windows Features on and off.’
  3. Scroll down to find ‘SMB 1.0/CIFS File Sharing Support’ and uncheck it.
  4. Then click OK, close the control Panel and restart the computer.

4. Enable Firewall & Block SMB Ports

You should always keep your firewall enabled. If you need to keep SMBv1 enabled, then you need to modify your firewall settings to block access to SMB ports over the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.

5. Use an Antivirus Program

It is always advisable to have an updated Anti Virus program running to prevent against most threats.

Almost all antivirus vendors have already come up with an update to prevent WannaCry.

Kaspersky have a free tool to protect you against ransomware,

6. Be Suspicious of Emails, Websites, and Apps

Unlike WannaCry, most ransomware spread through phishing emails, malicious adverts on websites, and third-party apps and programs.

Most wannaCry ransomware infects computers by tricking users into opening malicious attachments to phishing emails. As a result, even if the email comes from someone you know, don’t open the attachment, as cybercriminals can “spoof” email addresses or hijack other people’s email accounts.

On the other hand, if you feel that the attachment is something you need to see, then save the attachment to your desktop without opening it, right-click the attachment file and have your antivirus software scan it.

7. Regular Backup your Files:

You should always keep a backup of your files and copy them to an external storage device which is not always connected to your computer.

That way, if any ransomware infects you, it can not encrypt your backups.

What to do if WannaCry Ransomware infects you?

Well, there isn’t much you can do ! but definitely you should not pay the ransom as there’s no guarantee that even after paying the ransom, you would regain control of your files.

Kaspersky Labs are saying that they are working on the possibility of creating a decryption tool to help victims.

Updated: 19-05-2017

Updated : Decryption tool released ! Unlock your files without paying the ransom

If you have been hit by the ‘WannaCry’ ransom-ware, there is now a solution to unlock your files without paying the ransom.

http://thehackernews.com/2017/05/wannacry-ransomware-decryption-tool.html

Do you need more information?

Have you been infected? Do you want to make sure your system is safe?

Contact us, we are here to help.

Contact Us

LEAVE A REPLY

popip