WannaCry (aka WannaCrypt) is the latest ransomware (a type of malware or malicious program) that encrypts files on workstations (laptops/desktops) and servers, then demands ransom money in order to decrypt the files. Unless the victim pays the ransom, they are prevented from restoring their data, systems and operations. WannaCry uses a very well-known vulnerability found in the Windows operating system that stayed unpatched in many computers, even though Microsoft released the security update for this vulnerability in March of 2017.
This latest attack has threatened a large number of users and is expected to cost businesses almost $4 billion across the globe. Protect yourself and your business by following the 7 steps below to prevent the WannaCry ransomware from attacking your computers:
1. Install the Windows security patch MS17-010 in your computers.
This patch addresses the EternalBlue vulnerability that was made public in January of this year with the patch published in March. Any systems running a Windows version that did not receive a patch should be removed from all networks. You can get this patch either through the automatic Windows updates. Microsoft has also issued tactical patches for operating systems no longer supported including Windows XP, Windows Server 2003, and Windows 8.
2. Disable SMBv1.
If it is not possible to apply either patch, disable SMBv1. Refer to guidance from Microsoft for doing so.
3. Block SMBv1.
Block SMBv1 ports on network devices – UDP 137, 138 and TCP 139, 445.
4. Enable automatic updates in Windows.
If you have enabled automatic updates in your Windows PC, you won’t have to worry about manually installing the security patches. You can enable the automatic updates simply by running the Windows Update Minitool. This tool works for all the versions of Windows.
5. Back up your files every day.
Ransomware, such as WannaCry, encrypts your files and then decrypts them after you pay. You should keep a backup of all of your important files so that you can recover them even if your system becomes a victim of ransomware attack.
6. Install/update antivirus software on Windows-powered systems.
If you have installed a good antivirus software in your PC, it will usually detect and stop the ransomware before it begins to infect your system.
7. Shut Down.
If none of these options are available, shut down your computer. Propagation can be prevented by shutting down vulnerable systems.
WannaCry was initially spread because employees/individuals clicked on something within a spam email message. The best defense for minimizing the risk is constant employee awareness and education regarding safe and unsafe computing practices.
If you would like to discuss WannaCry or cyber security concerns in general, please feel free to contact Tom Skoog, Blue & Co.’s Cybersecurity and Data Management Practice Leader.