WannaCry ransomware infected hundreds of thousands of computers in May 2017. WannaCry infects a computer, encrypts files and demands payment to decrypt the files. Although this article was first published in 2017, the information about ransomware is still relevant today. WannaCry variants are sure to exist and may unfortunately impact you or your business one day. Read on to learn more about WannaCry ransomware and how you can be safe from future ransomware attacks.
Here’s what the average person needs to know about WannaCry ransomware.
I’m sure you saw the news over the weekend that hundreds of thousands of computers have been hit by WannaCry ransomware. It’s all over the place.
I’m going to show you a few things you can do to know whether you’re at risk and also how to protect yourself.
Who is affected by WannaCry ransomware?
First, this only affects certain kinds of computers.
If you’re on a Mac or on a Chromebook or even a Windows 10 device, you’re safe, at least from this attack. There are other types of ransomware that may have affected you in the past or could affect you in the future. It’s older Windows machines, like Windows XP, Windows 7 or 8, or Windows Server devices, that are at risk for this attack.
What caused this vulnerability?
This is what all the kerfuffle is about. It’s about this patch from Microsoft.
It was released two months ago, and the vulnerability it fixes is the whole reason that this ransomware attack has been so successful. If you’ve applied this patch, you’re safe. It’s actually widely believed that this is one of the vulnerabilities that came out in the Shadow Brokers hack against the NSA that was in the news.
How to prevent WannaCry
The key thing to do is to make sure you have Windows Update turned on.
If you’ve ever turned off Windows Update, you’re leaving your computer at significant risk, so go into your settings right now and check that Windows Update is on and it’s automatically patching your systems. If you don’t know how to turn on Windows Update, just Google it. Search for how to turn on Windows Update and then type in the name of your operating system.
In this example, I typed in Windows 8.
Go ahead and run that Windows Update now, make sure it’s fully up to date, and then restart your computer, and you’ll be protected.
How does WannaCry ransomware work?
Now, the whole reason this attack works is that it’s using something on Windows machines called SMB. SMB is a way that computers talk to each other and do things like share files back and forth, and it’s the reason that this has spread so far and so fast. When one infected computer gets on the network, it starts looking for friends that it can talk to. It gets the malware installed on those machines, and then those machines look for friends that they can talk to.
It’s the ultimate pyramid scheme, and it just keeps spreading out and out and out, looking for more machines to infect.
What else should I do?
Now, there’s a way that you can check whether your machine can connect to the internet via SMB, and that’s using something called ports.
Ports are things that computers use to talk to each other. SMB specifically uses ports 139 and 445.
You don’t have to know how ports work, but here’s how to actually test them.
Go to this website, yougetsignal.com, and punch in these numbers one at a time and run a scan to see whether your computer can talk to the internet over these ports.
First, type in 139, then click on check. Wait about a minute, look at your result, then type in 445 and click on check. Wait another minute.
What you should see is this.
You should see that the port is closed and that means that your computer can’t talk to other computers over the internet over this port.
That’s exactly what you want. If you get something other than closed, then give us a call or talk to your IT person about how to lock this down better.
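The website above tests your connection from the outside. Because the worm also spreads between machines on the same network, the same check is worth running from another computer inside your office. The following Python script is an added example, not part of the original article: its function names are made up for illustration, and it assumes the target is a machine you administer.

```python
"""Check whether the SMB ports (139, 445) on a machine you administer accept connections."""
import socket
import sys

SMB_PORTS = (139, 445)  # the two ports named in the article


def check_port(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # The host answered and said nothing is listening on this port.
        return "closed"
    except OSError:
        # Timeouts and unreachable errors: a firewall dropped the attempt,
        # or the host is down or the name did not resolve.
        return "filtered"
    finally:
        sock.close()


def smb_exposure(host, ports=SMB_PORTS, timeout=3.0):
    """Map each SMB port to its state as seen from the machine running this script."""
    return {port: check_port(host, port, timeout) for port in ports}


def needs_attention(results):
    """Ports that accepted a connection and should be reviewed."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = smb_exposure(target)
    for port, state in sorted(results.items()):
        print(f"{target}:{port} is {state}")
    if needs_attention(results):
        print("SMB is reachable from this machine; talk to your IT person about locking it down.")
```

A result of "open" from inside the office is normal for a file server, but it should not appear on machines that have no reason to share files.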
How can I be safe from other ransomware attacks?
Finally, there are things that you can do to be safe against all forms of ransomware. Here are six key things to defend your business from being attacked by ransomware and to be able to respond quickly if it happens.
The first, like I said, always keep your computers updated. Always apply those patches. Those patches aren’t out there for fun. It’s because someone has figured out a security vulnerability and you need to make sure that it’s closed.
Secondly, get someone to scan your computers to confirm that the patches are actually there. This is something that we do for clients. This is something that you can do in house. Just periodically run a scan to make sure that your patching is actually working correctly.
Lots of backups
Third, you need to back up your data. If you do get hit by ransomware, you can tell the attackers to go screw themselves if you have a great backup. We like to use a multi-layered backup. We actually back up files locally, onsite, and then we also use a couple of different cloud service providers to back up our data to the cloud.
Advanced scanning for phishing
Fourth, phishing is the most common way that ransomware gets into organizations. People send you phishing emails all the time to try to trick you into either clicking a link or opening an attachment. You should have some advanced scanning of your emails, every single email being scanned, looking for a phishing attack, looking for ransomware.
Train users to spot phishing
Fifth, you gotta train your users and you have to test them. You have to make sure they know how to spot a phishing attack and you have to test that if they get a fake phishing attack, they are gonna know what to do with it, and lastly…
Isolate older machines
There are definitely instances where you can’t update these older machines. Maybe you have a Windows XP machine in your environment that you need to run some older software. There are things you can do to isolate that machine to make sure that it can do its job but that it can’t talk to other machines in your company, that it can’t talk to other machines on the internet.
If you need help with figuring out how to make sure that your company is safe from ransomware, we can help you.