WannaCry Ransomware: How to protect yourself
If you use Windows, install the patch that Microsoft has released to block the specific exploit that the WannaCry ransomware is using. You can find instructions on this page in the Microsoft Knowledge Base. You can also directly download the patches for your OS from the Microsoft Update Catalog.
If you are using an unsupported version of Windows like Windows XP, Windows 2008 or Server 2003, you can get the patches for your unsupported OS from the Update Catalog. We do recommend that you update to a supported version of Windows as soon as possible.
Update your antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.
If you don’t have anti-virus software enabled on your Windows machine, we recommend you enable Windows Defender, which is free.
Back up regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
For further reading, Microsoft has released customer guidance for the WannaCry attacks and Troy Hunt has done an excellent detailed writeup on the WannaCry ransomware.
Get the word out
The second wave of attacks appears to have just started within the past few hours. This is going to be a rough week for Windows users. We recommend you get the word out by sharing this post to help keep friends and family secure.
A fact sheet: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
A detailed description of the worm and the exploit it uses to spread: https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/
Deep technical analysis: https://blog.comae.io/wannacry-the-largest-ransom-ware-infection-in-history-f37da8e30a58
Info on new variants detected today (also linked to in the post, above): https://blog.comae.io/wannacry-new-variants-detected-b8908fefea7e
Coverage analysis on VirusTotal. A spreadsheet showing which signatures/files are being detected by anti-virus vendors, when they were first submitted to VirusTotal and the names of each component each AV vendor is using: https://docs.google.com/spreadsheets/u/1/d/1XNCCiiwpIfW8y0mzTUdLLVzoW6x64hkHJ29hcQW5deQ/pubhtml#
NoMoreCry: A tool created by the Spanish cyber security center (CCN-CERT) to prevent infection by this ransomware. We don’t recommend you use this tool at this time. Instead, patch your system and use an anti-virus product or firewall rules. This is merely for academic interest: https://www.ccn-cert.cni.es/en/updated-security/ccn-cert-statements/4485-nomorecry-tool-ccn-cert-s-tool-to-prevent-the-execution-of-the-ransomware-wannacry.html
A live feed of WannaCry infections on a map: https://intel.malwaretech.com/WannaCrypt.html
Microsoft Customer Guidance: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
A tweet by Tal Be’ery describing the root cause of the vulnerability with links: https://twitter.com/TalBeerySec/status/863741929401585664