Protect yourself from Ransomware

WannaCry Ransomware: How to protect yourself

1. If you use Windows, install the patch that Microsoft has released to block the specific exploit that the WannaCry ransomware is using. You can find instructions on this page in the Microsoft Knowledge Base. You can also directly download the patches for your OS from the Microsoft Update Catalog.
2. If you are using an unsupported version of Windows like Windows XP, Windows 2008 or Server 2003, you can get the patches for your unsupported OS from the Update Catalog. We do recommend that you update to a supported version of Windows as soon as possible.
3. Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.
4. If you don’t have anti-virus software enabled on your Windows machine, we recommend you enable Windows Defender which is free.
5. Backup regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
6. For further reading, Microsoft has released customer guidance for the WannaCry attacks and Troy Hunt has done an excellent detailed writeup on the WannaCry ransomware.

Additional resources:

• A fact sheet: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
• A detailed description of the worm and the exploit it uses to spread: https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/
• Deep technical analysis: https://blog.comae.io/wannacry-the-largest-ransom-ware-infection-in-history-f37da8e30a58
• Info on new variants detected today (also linked to in the post, above): https://blog.comae.io/wannacry-new-variants-detected-b8908fefea7e
• Coverage analysis on Virustotal. A spreadsheet showing which signatures/files are being detected by anti-virus vendors, when they were first submitted to virustotal and the names of each component each AV vendor is using: https://docs.google.com/spreadsheets/u/1/d/1XNCCiiwpIfW8y0mzTUdLLVzoW6x64hkHJ29hcQW5deQ/pubhtml#
• NoMoreCry: A tool created by the Spanish cyber security center (CCN-CERT) to prevent infection by this ransomware. We don’t recommend you use this tool at this time. Instead, patch your system and use a an anti-virus product or firewall rules. This is merely for academic interest: https://www.ccn-cert.cni.es/en/updated-security/ccn-cert-statements/4485-nomorecry-tool-ccn-cert-s-tool-to-prevent-the-execution-of-the-ransomware-wannacry.html
• A live feed of WannaCry infections on a map: https://intel.malwaretech.com/WannaCrypt.html
• Microsof Customer Guidance: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
• A tweet by Tal Be’ery describing the root cause of the vulnerability with links: https://twitter.com/TalBeerySec/status/863741929401585664