WannaCry Ransomware: Everything You Need To Know Immediately

WannaCry Ransomware: Everything You Need To Know Immediately

WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting Microsoft Windows operating system. On Friday, 12 May 2017, a large cyber-attack using it was launched, infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin in 28 languages. The attack spreads by multiple methods, including phishing emails and on unpatched systems as a computer worm. The attack has been described by Europol as unprecedented in scale.


For those unaware, Ransomware is a computer virus that usually spreads via spam emails and malicious download links; specially designed to lock up the files on a computer, until the victim pays the ransom demand, usually $300-$500 in Bitcoins.
But what makes WannaCry so unique and nasty is its ability to self-spread without even need to click any link or a file.

The WannaCry ransomware, also known as Wanna Decryptor, leverages a Windows SMB exploit, dubbed EternalBlue, that allows a remote hacker to hijack computers running on unpatched Microsoft Windows operating system.
Once infected, WannaCry also scans for other unpatched PCs connected to the same local network, as well as scans random hosts on the wider Internet, to spread itself quickly.

 

How to Protect Yourself from WannaCry Ransomware?

Here are some simple tips you should always follow because most computer viruses make their ways into your systems due to lack of simple security practices:

 

 1.     Always Install Security Updates

 If you are using any version of Windows, except Windows 10, with SMB protocol enabled, make sure your computer should always receive updates automatically from the Microsoft, and it's up-to-date always.

 

2.    Patch SMB Vulnerability


Since WannaCry has been exploiting a critical SMB remote code execution vulnerability (CVE-2017-0148) for which Microsoft has already released a patch (MS17-010) in the month of March, you are advised to ensure your system has installed those patches.


For more information about this update, see Microsoft Knowledge Base Article 4013389.

Moreover, Microsoft has been very generous to its users in this difficult time that the company has even released the SMB patches (download from here) for its unsupported versions of Windows as well, including Windows XP, Vista, 8, Server 2003 and 2008.

You can download the Update for different versions of Windows from here

Note: If you are using Windows 10 Creators Update (1703), you are not vulnerable to SMB vulnerability.


3.    Disable SMB

Even if you have installed the patches, you are advised to disable Server Message Block version 1 (SMBv1) protocol, which is enabled by default on Windows, to prevent against WannaCry ransomware attacks.

Here's the list of simple steps you can follow to disable SMBv1:

a.    Go to Windows' Control Panel and open 'Programs.'
b.    Open 'Features' under Programs and click 'Turn Windows Features on and off.'
c.    Now, scroll down to find 'SMB 1.0/CIFS File Sharing Support' and uncheck it.
d.    Then click OK, close the control Panel and restart the computer.

 

4.    Enable Firewall & Block SMB Ports

Always keep your firewall enabled, and if you need to keep SMBv1 enabled, then just modify your firewall configurations to block access to SMB ports over the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.

 

5.    Use an Antivirus Program

An evergreen solution to prevent against most threats is to use a good antivirus software from a reputable vendor and always keep it up-to-date.

Almost all antivirus vendors have already added detection capability to block WannaCry, as well as to prevent the secret installations from malicious applications in the background.

 

6.    Be Suspicious of Emails, Websites, and Apps

Unlike WannaCry, most ransomware spread through phishing emails, malicious adverts on websites, and third-party apps and programs.

So, you should always exercise caution when opening uninvited documents sent over an email and clicking on links inside those documents unless verifying the source to safeguard against such ransomware infection.

Also, never download any app from third-party sources, and read reviews even before installing apps from official stores.

 

7.    Regular Backup your Files:

To always have a tight grip on all your important documents and files, keep a good backup routine in place that makes their copies to an external storage device which is not always connected to your computer.

That way, if any ransomware infects you, it cannot encrypt your backups.

 

8.    Keep Your Knowledge Up-to-Date

There's not a single day that goes without any report on cyber attacks and vulnerabilities in popular software and services, such as Android, iOS, Windows, Linux and Mac Computers as well.

So, it's high time for users of any domain to follow day-to-day happening of the cyber world, which would not only help them to keep their knowledge up-to-date, but also prevent against even sophisticated cyber attacks.


What to do if WannaCry infects you?

Well, nothing.
If WannaCry ransomware has infected you, you can't decrypt your files until you pay a ransom money to the hackers and get a secret key to unlock your file.
Never Pay the Ransom: