How to Protect From WannaCry Ransomware Attack
These are the ways you can protect from WannaCry Ransomware attack. Try to apply this security advice to reduce the risk being attacked by WannaCry Ransomware. It’s on track to be one of the biggest recorded ransomware attacks ever, with tens of thousands of infected computers in nearly 100 countries.
Friday’s attack largely hit businesses and large organizations: UK hospitals, a Spanish telecom, FedEx, the Russian Interior Ministry. But how much do individuals need to worry about their personal computers being targeted?
Ransomware is a type of malicious software that takes over a computer and locks the user out, preventing them from accessing any files until they pay money. This particular program, called WannaCry, asks for about $300, though the price increases over time.
WannaCry takes advantage of a Windows flaw discovered by the NSA and made public by hackers in April. Microsoft (MSFT, Tech30) did release a patch for the vulnerability in March. But computers and networks that didn’t update their systems were still at risk.
On Friday, a security researcher inadvertently created a “kill switch” to help stop the spread of this ransomware. However, a hacker could rewrite the code to omit the kill switch and start trying to infect new machines with a new version of it.
Protect from WannaCry Ransomware Attack
1. Daily Backup Important Data
The best defense against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily, so that even if your computers and servers get locked, you won’t be forced to pay to see your data again.
“More than 5,000 customers have called us for help with ransomware attacks in the last 12 months,” says Chris Doggett, senior vice president at Carbonite, which provides cloud backup services for individuals and small businesses. One health care customer lost access to 14 years of files, he says, and a community organization lost access to 170,000 files in an attack, but both had backed up their data to the cloud so they didn’t have to pay a ransom.
2. Avoid to Open Suspicious Emails and Links
The primary method of infecting victims with ransomware involves every hacker’s favorite bait—the “spray-‘n’-pray” phishing attack, which involves spamming you with emails that carry a malicious attachment or instruct you to click on a URL where malware surreptitiously crawls into your machine. The recent ransomware attacks targeting Congressional members prompted the House IT staff to temporarily block access to Yahoo email accounts, which apparently were the accounts the attackers were phishing.
But ransomware hackers have also adopted another highly successful method—malvertising—which involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites you know and trusts, such as the malvertising attacks that recently struck the New York Times and BBC. Ad blockers are one way to block malicious ads, patching known browser security holes will also thwart some malvertising.
3. Patch Update
- The vulnerability does not exist in Windows 10, the latest version of the software, but is present in all versions of Windows prior to that, dating back to Windows XP.
- As a result of Microsoft’s first patch, users of Windows Vista, Windows 7, and Windows 8.1 can easily protect themselves against the main route of infection by running Windows Update on their systems. In fact, fully updated systems were largely protected from WanaCrypt0r even before Friday, with many of those infected having chosen to delay installing the security updates.
- Users of Windows XP, Windows Server 2003 and Windows 8 can defend against the ransomware by downloading the new patch from Windows.
- All users can further protect themselves by being wary of malicious email attachments, another major way through which the ransomware was spread.
A Microsoft’s security response team, Phillip Misner, wrote: “We know that some of our customers are running versions of Windows that no longer receive mainstream support.
“That means those customers will not have received the … Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download.”
4. Got an Infection? Disconnect
When MedStar Health got hit with ransomware earlier this year, administrators immediately shut down most of the organization’s network operations to prevent the infection from spreading. Sjouwerman, whose firm distributes a 20-page “hostage manual” (.pdf) on how to prevent and respond to ransomware, says that not only should administrators disconnect infected systems from the corporate network, they should also disable Wi-Fi and Bluetooth on machines to prevent the malware from spreading to other machines via those methods.
After that, victims should determine what strain of ransomware infected them. If it’s a known variant, anti-virus companies like Kaspersky Lab may have free Ransomware Decryptors to help unlock files or bypass the lock without paying a ransom, depending on the quality of encryption method the attackers used.
5. Disable SMB
Even if you have installed the patches, you are advised to disable Server Message Block version 1 (SMBv1) protocol, which is enabled by default on Windows, to prevent against WannaCry ransomware attacks.
Here’s the list of simple steps you can follow to disable SMBv1:
- Press Windows+R to open “Run” and type “Optionalfeatures” then press enter to open the Windows Features.
- Now find the “SMB 1.0/FIFS File Sharing Support” and uncheck the box then click OK to disable it.
3. Finally, if your system asks you to restart, once restarted to apply the changes successfully.
Final Checklist to Protect from WannaCry Ransomware Attack
- Keep your system Up-to-date: First of all, if you are using supported, but older versions of Windows operating system, keep your system up to date, or simply upgrade your system to Windows 10.
- Using Unsupported Windows OS? If you are using unsupported versions of Windows, including Windows XP, Vista, Server 2003 or 2008, apply the emergency patch released by Microsoft today.
- Enable Firewall: Enable firewall, and if it is already there, modify your firewall configurations to block access to SMB ports over the network or the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.
- Disable SMB: Follow steps described by us to disable Server Message Block (SMB) to protect from WannaCry Ransomware attack.
- Keep your Antivirus software up-to-date: Virus definitions have already been updated to protect against this latest threat. Read more: Best free antivirus for Windows and mobile devices.
- Backup Regularly: To always have a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.
- Beware of Phishing: Always be suspicious of uninvited documents sent an email and never click on links inside those documents unless verifying the source.
That’s all you need to know and apply to protect from WannaCry Ransomware attack correctly.
People also ask
What is the ransom virus?
How do I get rid of ransomware?
What type of virus is Cryptowall?
Can Avast get rid of ransomware?
How do I decrypt ransomware files?