Last updated: February 12, 2018
A worldwide ransomware attack is running rampant. The ransomware, known by names like WannaCry, WanaCrypt, WanaCrypt0r, WCry, and Wanna Decryptor, is spreading via a Microsoft Windows exploit known as “EternalBlue.” The ransomware targets the Windows computers of entities that have not yet patched the exploited vulnerability. WannaCry works by encrypting the files on a Windows computer, which renders them inaccessible. The files are decrypted and made accessible again only upon receipt of a ransom payment.
WannaCry ransomware requests a payment using $300 worth of the cryptocurrency Bitcoin. If users do not pay the $300 ransom within 3 days, the ransom will increase. If the ransom remains unpaid after 4 more days, the ransomware claims the encrypted files will be unrecoverable forever. Paying the ransom does not guarantee the files will be decrypted, or that the ransomware will be removed from your system.
The rub is that Microsoft issued a patch for the Windows vulnerability, Microsoft Security Bulletin MS17-010, back on March 14, as part of a scheduled Patch Tuesday update. Systems updated with the March patch are protected from the ransomware infection. Systems impacted by this attack have not installed the Windows update.
In early 2017, a hacking group known as The Shadow Brokers claimed to have stolen hacking tools from the National Security Agency (NSA). Among those hacking tools was the “EternalBlue” exploit. The group publicly released the hacking tools in April after a failed attempt to sell them. By then, however, Microsoft had already issued the patch. The exploit is now in use against vulnerable Windows computers and servers.
How to prevent WannaCry ransomware
Companies and individuals can prevent WannaCry ransomware by applying the Windows patch released in March. Unfortunately, the patch won’t help computers that are already compromised. You have protection from WannaCry if your Windows software is up to date. Perhaps the best protection is continuous diligence. Below are a few steps to help prevent malware exploits, or mitigate them in the event your computer becomes compromised.
- Apply the Microsoft Windows patch for the MS17-010 SMB vulnerability released on March 14, 2017, to prevent WannaCry ransomware.
- Back up your computer regularly. If you become a ransomware victim, restore your files from a backup instead of paying the ransom. Test your backups to make sure they’ll work if you need them.
- Install Windows updates immediately. Victims of WannaCry ransomware had an outdated, unprotected Windows version.
- Keep your web browser(s) up to date, and configure them to update automatically.
- Use a firewall.
- Log in to your computer using an administrator account only when necessary.
- Install anti-virus and anti-malware software and keep it updated with the latest virus and malware definitions.
- Use a strong anti-spam email filter, and scan all incoming/outgoing emails for threats.
- Exercise extreme caution when clicking links in emails. Mouse-over links to view the destination before clicking them. Type the address directly into your web browser address bar instead of clicking the link. Check the safety of a link BEFORE clicking it.
- Exercise extreme caution when opening any email attachment — even from trusted sources.
- Think before you click. Take an extra moment to scrutinize unexpected emails you receive — even from trusted sources.
- Check shortened URLs for safety BEFORE you click them.
- Only visit sites that use a valid secure certificate issued by a trusted Certificate Authority. Look for HTTPS in the web address.
- Steer clear of unsavory websites. You know the ones.
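The first, third and fifth items above (patch, update, firewall) can be spot-checked on a single machine with a read-only audit. The script below is an added example, not part of the original article. The function name is hypothetical, and it assumes an elevated Windows PowerShell prompt on Windows 8 / Server 2012 or later. The SMBv1 check and TCP port 445 (the SMB port) are details the article itself does not spell out.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Get-Ms17010Exposure is a hypothetical name chosen for this illustration.
function Get-Ms17010Exposure {
    # Release date of the MS17-010 patch, as stated in the article.
    $patchDate = Get-Date '2017-03-14'

    # Newest update install date. Some Get-HotFix entries carry no date.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    # A last update older than the release date means the fix cannot be present.
    # A newer date is necessary but not sufficient, so it is reported as unconfirmed.
    $patchState = if (-not $latest) {
        'Unknown: no dated updates found'
    } elseif ($latest.InstalledOn -lt $patchDate) {
        'Missing: last update predates the patch'
    } else {
        'Unconfirmed: updates were installed after the patch date'
    }

    # Whether the SMB server still accepts SMBv1 connections.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Firewall profiles (Domain, Private, Public) that are switched off.
    $fwOff = Get-NetFirewallProfile |
        Where-Object { $_.Enabled -eq 'False' } |
        ForEach-Object Name

    # Enabled inbound allow rules that explicitly name TCP 445.
    # Rules with LocalPort 'Any' are not listed here.
    $smbRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -eq 'TCP' -and $f.LocalPort -contains '445'
        } | ForEach-Object DisplayName

    [pscustomobject]@{
        LastUpdateInstalled  = if ($latest) { $latest.InstalledOn } else { $null }
        PatchState           = $patchState
        Smb1ServerEnabled    = $smb1
        FirewallProfilesOff  = $fwOff
        InboundSmbAllowRules = $smbRules
    }
}

Get-Ms17010Exposure | Format-List
```

A `PatchState` of "Missing" is conclusive. "Unconfirmed" still needs a check in Windows Update history, because the date test cannot prove the specific fix is installed.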
References for May 12, 2017, WannaCry ransomware cyberattack
Microsoft: Microsoft Security Bulletin MS17-010
US-CERT: Microsoft SMBv1 Vulnerability
Microsoft MSRC Team: Customer Guidance for WannaCrypt attacks