Keeping Up with the WannaCry Ransomware Attack
Computers That Werk Blog Writer
Video Courtesy of C|Net
What is WannaCry?
WannaCry is classified as ransomware. Ransomware is a type of attack that holds users’ computers hostage until a ransom is paid. The ransom is usually demanded in Bitcoin, a type of currency that is untraceable.
How does WannaCry ransomware work?
Upon infecting a computer, WannaCry encrypts all the data on it. This locks the computer down. The attack then displays a screen demanding that you pay to regain access to your files. According to CNet’s article, WannaCry ransomware: Everything you need to know, the price to regain access “typically increases over time until the end of a countdown,” upon which the files are destroyed.
How does WannaCry spread?
The ransomware spreads through networks by leveraging a Windows vulnerability suspected to come from the NSA, exposed in a recent leak of tools by the hacker group known as Shadow Brokers.
The vulnerability exists in the SMB (Server Message Block) protocol of no-longer-supported Windows systems. The list of affected systems includes Windows NT, XP, and even Windows 7. Older Windows servers are hit hardest. Matthew Hickey, the director of security provider Hacker House, posted a video showing a successful EternalBlue exploit, the primary way WannaCry propagates through networks, against a machine running Windows Server 2008 R2 SP1 in under 120 seconds.
In an article on PCWorld, Microsoft blames the U.S. for stockpiling vulnerabilities. Had the NSA alerted Microsoft to the vulnerability earlier, all this could have been prevented.
While doing our research we also came across a video showing how fast the WannaCry cyberattack spreads.
Are there any patches against WannaCry?
While security researchers are working on a solution for the cyberattack, there is not much that can be done. The landscape behind the attack is already changing. As ways are developed to stop the attacks, hackers are updating the ransomware.
What prevention steps can I take?
Courtesy of Hacker News, here are some simple tips you should always follow, because most computer viruses make their way into your systems due to a lack of simple security practices:
1. Always Install Security Updates – If you are using any version of Windows, except Windows 10, with the SMB protocol enabled, make sure your computer always receives updates automatically from Microsoft and is always up to date.
2. Patch SMB Vulnerability – Since WannaCry has been exploiting a critical SMB remote code execution vulnerability (CVE-2017-0148) for which Microsoft has already released a patch (MS17-010) in the month of March, you are advised to ensure your system has installed those patches.
Moreover, Microsoft has been so generous to its users in this difficult time that the company has even released the SMB patches (download from here) for its unsupported versions of Windows as well, including Windows XP, Vista, 8, Server 2003 and 2008.
Note: If you are using Windows 10 Creators Update (1703), you are not vulnerable to the SMB vulnerability.
3. Disable SMB – Even if you have installed the patches, you are advised to disable the Server Message Block version 1 (SMBv1) protocol, which is enabled by default on Windows, to protect against WannaCry ransomware attacks. Here’s the list of simple steps you can follow to disable SMBv1:
- Go to Windows’ Control Panel and open ‘Programs.’
- Open ‘Features’ under Programs and click ‘Turn Windows Features on and off.’
- Now, scroll down to find ‘SMB 1.0/CIFS File Sharing Support’ and uncheck it.
- Then click OK, close the Control Panel and restart the computer.
4. Enable Firewall & Block SMB Ports – Always keep your firewall enabled, and if you need to keep SMBv1 enabled, then just modify your firewall configurations to block access to SMB ports over the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.
5. Use an Antivirus Program – An evergreen solution to protect against most threats is to use good antivirus software from a reputable vendor and always keep it up-to-date. Almost all antivirus vendors have already added detection capability to block WannaCry, as well as to prevent secret installations by malicious applications in the background.
6. Be Suspicious of Emails, Websites, and Apps – Unlike WannaCry, most ransomware spreads through phishing emails, malicious adverts on websites, and third-party apps and programs. So, to safeguard against such ransomware infections, you should always exercise caution when opening uninvited documents sent over email, and never click on links inside those documents without verifying the source. Also, never download any app from third-party sources, and read reviews even before installing apps from official stores.
7. Regularly Back Up Your Files – To always have a tight grip on all your important documents and files, keep a good backup routine in place that copies them to an external storage device which is not always connected to your computer. That way, if any ransomware infects you, it cannot encrypt your backups.
8. Keep Your Knowledge Up-to-Date – There’s not a single day that goes by without a report on cyber attacks and vulnerabilities in popular software and services. So, it’s high time for users of any domain to follow the day-to-day happenings of the cyber world. This would not only help them keep their knowledge up-to-date, but also protect against even sophisticated cyber attacks.
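Tips 3 and 4 above can also be applied from an elevated PowerShell prompt instead of the Control Panel. The script below is an added example, not part of the original article or the Hacker News tips; it assumes Windows 8 / Server 2012 or later, and the rule name prefix and the choice of the Public firewall profile are assumptions made for illustration.

```powershell
# Added example (not from the article). Run elevated on Windows 8 /
# Server 2012 or later; the SMB and NetSecurity cmdlets are absent on older releases.

# Assumption: rule name prefix chosen for this example.
$RulePrefix = 'Block-SMB-Inbound'

function Get-Smb1Feature {
    # The optional feature behind the 'SMB 1.0/CIFS File Sharing Support' checkbox.
    # Returns $null on editions where the feature name is not known.
    try {
        Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
    } catch {
        $null
    }
}

function Get-Smb1State {
    $feature = Get-Smb1Feature
    [pscustomobject]@{
        ServerSmb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        FeatureState      = if ($feature) { $feature.State } else { 'NotPresent' }
    }
}

function Disable-Smb1 {
    # Stop the SMB server from negotiating SMBv1 (takes effect without a reboot).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    $feature = Get-Smb1Feature
    if ($feature -and $feature.State -eq 'Enabled') {
        # -NoRestart defers the reboot; the removal completes after a restart.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

function Add-SmbBlockRules {
    # Ports exactly as listed in tip 4.
    $ports = @{ TCP = 137, 139, 445; UDP = 137, 138 }
    foreach ($proto in $ports.Keys) {
        $name = "$RulePrefix-$proto"
        # Idempotent: skip if a rule with this display name already exists.
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            # Assumption: Public profile only, so internal file sharing keeps working.
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
                -Protocol $proto -LocalPort $ports[$proto] -Profile Public | Out-Null
        }
    }
}

Get-Smb1State      # state before the change
Disable-Smb1
Add-SmbBlockRules
Get-Smb1State      # state after; restart to finish removing the feature
```

A host firewall rule only covers the machine it runs on; blocking the same ports at the network perimeter is what keeps SMB unreachable from the Internet for every system behind it.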
What can Computers That Werk do for you?
Computers That Werk offers managed services that include ensuring your systems are up-to-date. We make sure that security patches are installed. We provide 24/7/365 remote monitoring. We also provide best-in-class antivirus via Bitdefender. Bitdefender protected even our outdated client systems from the WannaCry ransomware cyberattack. Give us a call today to see what we can do for you.