[NOTE: THIS POST WILL BE UPDATED WITH THE LATEST HAPPENINGS]
The WannaCry ransomware attack is an ongoing cyberattack by the WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware worm, which targets the Microsoft Windows operating system, encrypts data and demands ransom payments in the cryptocurrency bitcoin.
MORE AT
https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
HOW TO SECURE YOUR COMPUTER:
Windows Update MS17-010
The virus uses the ETERNALBLUE exploit, which is closed by Microsoft security update MS17-010, released in March. I recommend checking Windows Update on your computer for this update by its KB number (for example, for Windows 7 it is KB4012212 or KB4012215).
If the updates are not installed, you can download them from the official Microsoft website:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
For older systems (Windows XP, Windows Server 2003 R2), Microsoft released special patches:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
According to reports from antivirus companies, wcrypt gets onto computers through the SMB (Server Message Block) ports. To prevent this, block ports 135, 137, 138, 139 and 445, through which the virus spreads (in most cases ordinary users do not use them).
To do this, open a console with administrator rights (cmd.exe -> run as administrator) and execute the following 5 commands in turn (each command should return the status OK).
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"
netsh advfirewall firewall add rule dir=in action=block protocol=UDP localport=137 name="Block_UDP-137"
netsh advfirewall firewall add rule dir=in action=block protocol=UDP localport=138 name="Block_UDP-138"
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=139 name="Block_TCP-139"
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"
Disabling SMBv1 support
The vulnerability can also be closed by completely disabling SMBv1 support. Run this command in cmd (run as administrator, for Windows 8 and later).
dism /online /norestart /disable-feature /featurename:SMB1Protocol
Or use the registry solution (PowerShell, run as administrator):
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0
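An added example (not part of the original post): a read-only PowerShell check that the three steps above took effect on a machine. The function names are illustrative, the KB list covers only the Windows 7 numbers quoted in this post, and the SMB1 check assumes a system where the registry fix is the one that applies.

```powershell
# Added example: read-only audit of the mitigations described in this post.
# Run in an elevated PowerShell session on the machine being checked.

# KB numbers the post gives for Windows 7. Other Windows versions use other
# numbers, and a later cumulative rollup can replace these entries, so a
# "False" here means "check Windows Update history", not "unpatched".
$PatchIds  = 'KB4012212', 'KB4012215'
# Rule names created by the five netsh commands in the post.
$RuleNames = 'Block_TCP-135', 'Block_UDP-137', 'Block_UDP-138',
             'Block_TCP-139', 'Block_TCP-445'
$SmbKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Ms17010Patch {
    # True if at least one of the listed hotfixes is installed.
    $found = Get-HotFix | Where-Object { $PatchIds -contains $_.HotFixID }
    return [bool]$found
}

function Get-MissingFirewallRule {
    # netsh echoes the rule name only when the rule exists, so matching on
    # the name works whatever the display language is.
    foreach ($name in $RuleNames) {
        $out = netsh advfirewall firewall show rule "name=$name" | Out-String
        if ($out -notmatch [regex]::Escape($name)) { $name }
    }
}

function Test-Smb1ServerDisabled {
    # Assumption: a system where the registry fix applies. There, a missing
    # SMB1 value means the SMBv1 server is still at its default (enabled).
    $p = Get-ItemProperty -Path $SmbKey -Name SMB1 -ErrorAction SilentlyContinue
    return (($null -ne $p) -and ($p.SMB1 -eq 0))
}

# New-Object is used instead of [pscustomobject] so this also runs on the
# PowerShell 2.0 that ships with Windows 7.
$missing = @(Get-MissingFirewallRule)
New-Object PSObject -Property @{
    PatchKbFound         = (Test-Ms17010Patch)
    MissingFirewallRules = ($missing -join ', ')
    Smb1ServerDisabled   = (Test-Smb1ServerDisabled)
} | Format-List
```

An empty MissingFirewallRules field means all five block rules exist; it does not show whether each rule is enabled.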
https://www.nomoreransom.org/prevention-advice.html
http://stackoverflow.com/questions/43952057/how-to-protect-from-wcrypt-wanna-cry
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
https://answers.microsoft.com/en-us/windows/forum/windows_10-security/wanna-cry-ransomware/5afdb045-8f36-4f55-a992-53398d21ed07
http://windows7themes.net/en-us/how-to-disable-smbv1-on-windows-7-8-and-10-to-protect-yourself-from-ransomware-wanacrypt0r-2-0/
https://blog.kaspersky.com/wannacry-ransomware/16518/
http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html
'Shadow Brokers' threaten to release more hacking tools in June:
https://www.engadget.com/2017/05/16/shadow-brokers-nsa-june/