Discussion – 


WannaCry Ransomware: How to protect yourself


  1. If you use Windows, install the patch that Microsoft has released to block the specific exploit that the WannaCry ransomware is using. You can find instructions on this page in the Microsoft Knowledge Base. You can also directly download the patches for your OS from the Microsoft Update Catalog.
  2. If you are using an unsupported version of Windows like Windows XP, Windows 2008 or Server 2003, you can get the patches for your unsupported OS from the Update Catalog or download links from Microsoft TechNet. We do recommend that you update to a supported version of Windows as soon as possible.
  3. Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.
  4. If you don’t have anti-virus software enabled on your Windows machine, we recommend you enable Windows Defender which is free.
  5. Backup regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
  6. For further reading, Microsoft has released customer guidance for the WannaCry attacks and Troy Hunt has done an excellent detailed writeup on the WannaCry ransomware
  7. Be aware of variants and don’t open suspicious email or attachments. When in doubt, delete.
  8. Disabled SMB 1.0/CIFS file sharing features
  9. If you can’t patch for whatever reason, consider network segmentation
  10. Restrict TCP port 445 traffic to where it is absolutely needed using router ACLs
  11. Use Private VLANs if your edge switches support this feature
  12. Use host based firewalls to limit communication on TCP 445, especially between workstations (will help protect against lateral movements)

Source: WordFence , Sans.org

You May Also Like