About WannaCry Ransomware
In this article, you will get to know about how to prevent ransomware attack. Before that, we have to familiar with ransomware definition, ransomware virus etc.
Everyone is thinking who is behind ransomware virus, how does ransomware work, whether our system is safe from WannaCry.
Ransomware attack started on Friday, 12th May 2017, till now it’s infected more than 230,000 computers in over 150 countries.
The worst- hit countries are reported to be Russia, Ukraine, India, and Taiwan but parts of Britain’s National Health Service (NHS) etc.
What is ransomware?
Ransomware definition: it is a Computer Malware worm virus that usually spreads through spams Emails.
The WannaCry ransomware is also known as Decryptor, leverages windows SMB exploit, Dubbed EternalBlue, that allows a remote hacker to hijack computers running on unpatched Microsoft Windows operating System.
Once infected ransomware virus also scans for other unpatched computers connected to the same local network as well as scans random hosts on the wider internet to spread itself quickly.
Ransomware virus usually infects a computer when a user opens a phishing e-mail, and although it has been supposed that e-mail messages are used to infect machines with WannaCry, this method of attack has not been confirmed.
Once installed, WannaCry uses the vulnerability of EternalBlue and the DoublePulsar backdoor developed by the United States National Security Agency (NSA) to broadcast through local networks and remote hosts, which have not been updated with the latest security updates, to directly infect any exposed system.
A critical patch was issued by Microsoft on March 14, 2017, to eliminate the underlying vulnerability of supported systems, almost two months before the attack, but many organizations had yet to implement it.
Those who continue to run older, unsupported operating systems such as Windows XP and Windows Server 2003 were initially at particular risk, but Microsoft has taken the unusual step of launching updates for these operating systems for all customers.
Shortly after the attack began, a web security researcher blogged as “MalwareTech” unknowingly flipped an effective kill switch by registering a domain name found in the ransomware code.
This slowed down the spread of the infection, but now new versions have been detected that lack the death switch.
Dear readers, now everyone thinking how to prevent ransomware Viraus, or what is the ransomware removal tool, how does ransomware work, just relax now I am going to show you some simple tips and tricks if you follow this tips you can secure you PC from viruses attacks. Many times your system is unsecured due to lack of simple security practices.
How to prevent ransomware attack step by step guidance.
Step 1: Always Install Security Updates
If you are a user of Windows versions, except Windows 10, with SMB enabled, Make sure that your computer always receives updates automatically from Microsoft, and is always up to date.
In the computer network, Server Message Block protocol (SMB), a version of what is also known as Common Internet File System CIFS, functions as an application-layer network protocol.
To provide shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. It also provides an authenticated process-to-process communication mechanism.
Step 2: Patch SMB Vulnerability
WannaCry has been exploiting a critical SMB remote code execution vulnerability (CVE-2017-0148) for which Microsoft has already released a patch (MS17-010) in March, it is recommended to ensure system installs Patches.
On the other hand, Microsoft has been very generous with its users in this difficult time when the company has even released the SMB patches (download from here) for their non-compatible versions of Windows, including Windows XP, Vista, 8, Server 2003 Y 2008.
NOTE: If you are using Windows 10 Creators Update (1703), you are not vulnerable to the SMB vulnerability.
Step 3: Disable SMB
After Installation of patches, you have to disable Server Message Block version 1 (SMBv1) protocol, to prevent from ransomware attack.
SMBv1 is enabled by default on Windows, to unsecured you system from WannaCry ransomware attack
Here are the Simple Steps to disable SMBv1
Press windows button–> click on Control Panel–> open programs.
Click to open “Programs Features” then click on “Turn Windows Features on and off”
The checkbox will open here, scroll down to find out SMB1.0/CIFS File sharing support, and just uncheck it.
Then click on OK Button, close the control panel and restart your system
Step 4: Enable Firewall and Block SMB Ports
Keep your firewall enabled if you want to keep SMBv1 enabled, and then just modify firewall configurations to block access to SMB port over the internet.
This protocol operates on TCP ports 137,139, and 445, and over UDP ports 137 and 138
Step 5: Use an Antivirus Programs
This is a permanent solution to keep your system secure from various Malware.
Install antivirus software from a good and reputable vendor and keep it up-to-date.
Almost all antivirus vendors have already added detection capability to block WannaCry, as well as to prevent secret installations of malicious applications in the background.how to prevent ransomware
step 6: Be suspicious of emails, websites, and applications
Unlike WannaCry, most ransomware virus is spread through phishing emails, malicious ads on websites, and third-party applications and programs.
Therefore, you should always be careful when opening unsolicited documents sent through an email and clicking links within those documents unless you verify the source to safeguard against such ransomware decrypt infection.
Also, never download any applications from third-party sources and read reviews even before installing official store apps.
step 7: Regular backup of your files
To always have strict control of all your important documents and files, keep a good backup routine in place that will make your copies on an external storage device that is not always connected to your computer.
This way, if any ransomware attack infects you, you cannot encrypt your backups.
step 8: Keep your knowledge up to date
There is not a single day that goes without reporting on cyber attacks and vulnerabilities in popular software and services such as Android, iOS, Windows, Linux and Mac Computers.
Therefore, it is time for users of any domain to follow the everyday events of the cyber world, which will not only help them keep their knowledge up to date but will also avoid sophisticated cyber attacks.
I am sure now you are able to how to prevent ransomware virus
What to do if WannaCry infects you?
If WannaCry ransomware attack has infected you, you can not decrypt your files until you pay a ransom money to the hackers and get a secret key to unlock your file.how to prevent ransomware