WannaCry – Protect Yourself

KB ID 0001311 

Problem

Last Friday, the IT world was hit by another attack, WannaCry is a Ransomware infection, that exploits a hole in the windows SMB Protocol.

wannacry

This hole was patched back in March, (Security update MS17-010) so if your, (windows update supported systems) have updates enabled, you will probably already be protected.

Why were big organisations like the NHS hit? Primarily because they have systems that are no longer supported, (or patched) by Microsoft. e.g. Windows XP, (support ended in 2014), and Windows Server 2003, (support ended in 2015). It happens because organisations have software that cannot run on more modern operating systems, so instead of migrating away from the software, Trusts continue to run old operating systems.

 

Solution

WannaCry Removal

If you are already infected, disconnect your affected machines from the network, Kaspersky has a tool that you can use.

Ransomware Removal

Microsoft Patches Windows XP and Server 2003

Although they have no requirement to do so, Microsoft has released patches for these legacy operating systems;

MS17-10 KB4012598 (WannaCry Patch)

Additional Steps

  1. Enable Windows Updates and wherever possible set it to automatically install updates. If you are a corporate customer, then get together a patching policy that has security updates tested and rolled out, in a matter of days.
  2. Backup your machines, the most effective defence if having your files backed up. So if you are infected, you can simply roll back to before the infection, and protect your machines.
  3. Be vigilant: Don’t click attachments in Emails unless you are 100% sure they are genuine.
  4. Local Firewalls: Turn them on (Start > Run > Firewall.cpl {enter}).
  5. Corporate firewalls: Block all inbound TCP 139 and TCP 445 traffic
  6. Run up to date AntiVirus and AntiMalware.
  7. Dont pay the ransom, don’t engage with the perpetrators.

 

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *