How to Protect against #WannaCry and Similar Ransomware Attacks and Why VPNs Can be Less Safe

Recently a malicious computer worm called WannaCry hit a wide range of computers across the Internet, infecting computers running Windows without requiring any interaction on the user’s behalf.

This particular worm is a type known as ransomware; it infects Windows computers remotely using an SMB/CIFS exploit developed by the NSA.

There are various strategies that one can use to protect oneself from this particular ransomware threat and future ones:

  1. Apply Microsoft patch MS17-010 — https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  2. Turn on Windows updates
  3. Disable SMBv1 — https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
  4. Turn on the Windows Firewall

All workstations, i.e. computers that aren’t servers, should enable the Windows Firewall to protect themselves from future SMB-based attacks or other attacks that depend on incoming IP connections to the client. With the firewall blocking incoming connections, they are protected even if they aren’t patched.

Enabling the Windows Firewall is especially important if you connect to a VPN.

Most computers are behind a hardware firewall at home or at the office, which NATs your IP address, so SMB ports cannot receive incoming traffic from the Internet. Once you connect to a VPN, however, other computers that are using the same VPN provider can directly communicate with your computer and infect it with malware if it doesn’t have its firewall enabled.
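
To check a workstation against steps 3 and 4 and the VPN point above, the following PowerShell is an added example, not part of the original article. It assumes Windows 8 / Server 2012 or later and an elevated prompt; the function name Get-SmbExposure is made up for this illustration.

```powershell
# Added example: audits SMBv1 and firewall state on the local machine.
# Uses the built-in SmbShare, NetSecurity and NetConnection cmdlets.
function Get-SmbExposure {
    $findings = @()

    # Step 3: SMBv1 should be off on the SMB server component.
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        $findings += 'SMBv1 is enabled (fix: Set-SmbServerConfiguration -EnableSMB1Protocol $false)'
    }

    # Step 4: read the effective firewall settings (local settings merged with GPO).
    $profiles = @{}
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        $profiles[$p.Name] = $p
        if ($p.Enabled -ne 'True') {
            $findings += "Firewall profile '$($p.Name)' is disabled"
        } elseif ($p.DefaultInboundAction -eq 'Allow') {
            $findings += "Firewall profile '$($p.Name)' allows inbound connections by default"
        }
    }

    # VPN case: every connected network, VPN adapters included, is governed by
    # the firewall profile that matches its category (Domain, Private or Public).
    foreach ($net in Get-NetConnectionProfile) {
        $name = "$($net.NetworkCategory)"
        if ($name -eq 'DomainAuthenticated') { $name = 'Domain' }
        if ($profiles[$name].Enabled -ne 'True') {
            $findings += "Interface '$($net.InterfaceAlias)' ($name network) has no active firewall"
        }
    }

    return $findings
}

$result = Get-SmbExposure
if ($result.Count -eq 0) {
    Write-Output 'No SMBv1 or firewall findings.'
} else {
    $result | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it once before and once after connecting to the VPN: the VPN adapter appears as an additional interface, and its network category decides which firewall profile protects it.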

Advice specific to organisations that use an Active Directory server

If you’re an organisation that uses an Active Directory server, the administrator should set a GPO policy to force every client in the organisation to enable the firewall and turn on automatic Windows updates.

This GPO policy will override any settings that the local administrator attempts to enforce. Doing this will prevent users from disabling the firewall and putting their machine at risk.

How to enable Windows updates via GPO Policy
https://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx

How to enable Windows Firewall via GPO Policy
http://www.techrepublic.com/blog/the-enterprise-cloud/managing-windows-firewall-through-group-policy/