How to protect your computer against the ransomware attack

The ransomware outbreak is ongoing and while researchers work to stem the tide of infection, businesses, governments, and individuals can help the cause by making sure they have protected themselves.

The attack is due to a kind of ransomware called Wanna Decryptor, also known as WannaCrypt, WanaCrypt0r and WannaCry. The malware not only infects targets through traditional means -- such as phishing campaigns, malicious emails, and dodgy attachments -- but once a system has been infected, the malicious code scans for additional targets through networks and jumps to fresh victims.

When a system has been infected with WannaCrypt, the malware encrypts everything it can -- including the PC's hard drive and any connected devices, such as USB sticks and external storage devices.

The ransomware then locks users out of the system, throws up a landing page and demands a $300 ransom payment in the virtual currency Bitcoin in return for files to be unlocked. This amount then doubles within a few days if payment is not forthcoming. Users are also threatened with the mass deletion of files within a week if they resist paying.

A security fix was released in March which resolved the problem for Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, and Windows Server 2016, which are still supported.

If you are running these versions and have not downloaded Microsoft Security Bulletin MS17-010, you should do so now manually, or allow Windows Update to do the work for you.

Based on information from Microsoft, this malware takes advantage of security holes in the SMB feature used for file sharing in Windows. It is also known to attack through the RDP feature. SMB runs on the network at UDP 137-138 and TCP 137-139 and 445, while RDP runs on port 3389.

The ports and protocols that the WannaCry malware uses to spread have been blocked on all the UCC firewall routers, although a few routers showed those ports as active and in block mode.

How to defend against the ransomware

  • Immediately back up all your important and critical data onto an external hard drive or USB storage device, and disconnect it the moment the backup is complete. This should be done without an Internet connection.
  • The vulnerability does not exist within Windows 10, the latest version of the software, but is present in all versions of Windows prior to that, dating back to Windows XP.
  • As a result of Microsoft’s first patch, users of Windows Vista, Windows 7, and Windows 8.1 can easily protect themselves against the main route of infection by running Windows Update on their systems. In fact, fully updated systems were largely protected from WanaCrypt0r, with many of those infected having chosen to delay installing the security updates.
  • Users of Windows XP, Windows Server 2003 and Windows 8 can defend against the ransomware by downloading the new patch for Windows.
  • All users can further protect themselves by being wary of malicious email attachments, another major way through which the ransomware was spread. If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation, but immediately everyone else's computer too. Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: "When in doubt, throw it out!"
    Phishing is an email targeted at a specific individual or department within an organization that appears to be from a trusted source. It's actually cybercriminals attempting to steal confidential information.
  • Disable the SMB service. Disabling the service stops the virus from propagating.

Disable the SMB service for Windows 10/8/7

Windows 10 users can disable the SMB feature by following these simple steps:

  1. Click on the Search option and search for “Windows Features”; the result appears as “Turn Windows features on or off.”
  2. Click that result to open the Windows Features dialog.
  3. Now untick the box and click on “OK”.
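The same change can be checked and applied from an elevated PowerShell prompt. This is an added example, not part of the original article; it assumes the box in question is the SMBv1 feature (the SMB version MS17-010 patches), and the function names are illustrative.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later: the SMB cmdlets report the setting directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: SMBv1 is on unless the SMB1 registry value is 0.
    $value = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($value -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7: the registry change takes effect after a reboot.
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
    }
    # Windows 8.1 / 10: also remove the optional feature, which is the
    # checkbox shown in "Turn Windows features on or off".
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                       -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
                Out-Null
        }
    }
}

"SMBv1 server enabled before: $(Get-Smb1ServerState)"
Disable-Smb1Server
"SMBv1 server enabled after:  $(Get-Smb1ServerState)"
"Reboot to complete the change."
```

Port 445 keeps listening after this change because SMBv2 and SMBv3 still run; devices that only speak SMBv1 will lose access to shares on this machine.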

How to Disable Windows Remote Desktop (RDP)

Enable Remote Desktop Only When You Need It

Unfortunately, Remote Desktop can be exploited by hackers to gain control of remote systems and install malware or steal personal information. It's a good idea to keep the feature turned off unless you actively need it — and it is not enabled by default. Once enabled, however, it's easy to disable it. 

Windows 7

  1. Click the Start button, and then Control Panel.
  2. Open System And Security.
  3. Choose System in the right panel.
  4. Select Remote Settings from the left pane to open the System Properties dialog box for the Remote tab.
  5. Click Don’t Allow Connections To This Computer and then click OK.

Windows 8

For Windows 8, the process is similar to that for Windows 7.

In Windows 8.1, however, the Remote Desktop section has been eliminated from the Remote tab. To regain this functionality, you must download the Remote Desktop app from the Windows Store and install it on your Windows 8.1 computer.

 

Once installed and set up, to disable it:

  1. Press Windows + X and select System from the list.
  2. Click Advanced System Settings in the left sidebar.
  3. Select the Remote tab and check Don’t Allow Remote Connections to this Computer.

Windows 10

Windows 10 ships with Remote Desktop, so you do not need to install it explicitly. Once it is set up, disabling it is similar to Windows 8.1, but you can use the Cortana search box:

  1. Enter "remote settings" into the Cortana search box and select "Allow remote access to your computer". This seems counter-intuitive, but it opens the Control Panel dialog for Remote System Properties.
  2. Check Don’t Allow Remote Connections to this Computer.
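
The dialog steps above for Windows 7, 8 and 10 all change one registry setting, which can be scripted and then verified against the SMB and RDP ports listed earlier. This is an added example, not part of the original article; the function names are illustrative and the firewall group name assumes an English-language Windows installation.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Test-RdpEnabled {
    # fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed.
    (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
}

function Disable-Rdp {
    # Same setting as "Don't Allow Remote Connections to this Computer".
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
    # Windows 8 and later: also turn off the built-in inbound firewall rules.
    # 'Remote Desktop' is the English display name of the rule group.
    if (Get-Command Disable-NetFirewallRule -ErrorAction SilentlyContinue) {
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    }
}

function Get-ExposedListener {
    # TCP ports the article names for SMB (137-139, 445) and RDP (3389).
    # The UDP 137-138 endpoints are not covered by this check.
    $ports = 137, 138, 139, 445, 3389
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        Get-NetTCPConnection -State Listen |
            Where-Object { $ports -contains $_.LocalPort } |
            Select-Object LocalAddress, LocalPort, OwningProcess
    } else {
        # Windows 7: fall back to netstat and keep the listening lines for those ports.
        netstat -ano | Select-String -Pattern 'LISTENING' |
            Where-Object { $_.Line -match ':(137|138|139|445|3389)\s' }
    }
}

if (Test-RdpEnabled) { Disable-Rdp }
"RDP enabled: $(Test-RdpEnabled)"
"Listeners still bound to SMB/RDP ports:"
Get-ExposedListener
```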

Other Sources: Mary Landesman