How to Protect Your Device from WannaCry

WannaCry’s modus operandi is deceptively simple: it uses a Windows OS vulnerability to invade your device and lock it down by encrypting all files. You then see a ransom demand on your screen, to be paid in bitcoin. This ransomware is extremely dangerous because once it infects one device in an organization, it quickly replicates and spreads to all connected devices. As a result, one infected device has the potential to bring a whole company down.

While a smart cyber analyst managed to halt the spread of WannaCry, the ransomware has evolved into numerous new variants over the weekend. These new variants pose a fresh threat, as unsuspecting and uninformed employees return to work this week.

Given that many organizations do not have a proper IT department, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) has listed the following measures that users of an office network should undertake to stay cyber safe:

1. Ensure that there is a firewall or broadband router in place. If you know how, disable the SMB service by closing TCP ports 139 and 445.

2. Disconnect your computer from the Internet and then back up any important files to a USB thumb drive or external hard disk.

3. Remove the storage device immediately after the backup is complete.

4. Run Windows Update for computers that are part of the office network, and install the Microsoft Security Bulletin MS17-010 security patch.

5. After updating all desktop computers, remember to apply the same security patch and Windows update to corporate laptops. If you’re unsure whether a laptop has been affected by the malware, do not allow it to connect to the office network.

6. If you have an IT administrator, he/she should proceed to disable SMBv1 for all computers. If you find yourself without IT support, in-house or external, you can try doing it yourself by following the steps at: https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
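Steps 1 and 6 above, as an added PowerShell example (not part of the HKCERT guidance or the original article): it checks whether the SMBv1 server is enabled, turns it off, and blocks inbound TCP 139 and 445 on the machine itself. The rule name and the use of a host firewall rule instead of a router setting are assumptions; run it from an elevated prompt.

```powershell
# Added example: audit and harden SMB on one Windows machine.
# Assumption: this machine does not serve file shares to others; the firewall
# rule below blocks inbound SMB and would break sharing on a file server.
$ErrorActionPreference = 'Stop'
$ruleName = 'Block inbound SMB (TCP 139, 445)'   # hypothetical rule name
$regKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the SMB server settings as a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems (Windows 7 / Server 2008 R2) keep the setting in the registry.
    # A missing SMB1 value means SMBv1 is enabled, which is the default.
    $val = (Get-ItemProperty -Path $regKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val -or $val -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Registry change takes effect after a reboot.
        Set-ItemProperty -Path $regKey -Name SMB1 -Type DWord -Value 0
    }
}

if (Get-Smb1ServerState) {
    Write-Host 'SMBv1 server is ENABLED; disabling it.'
    Disable-Smb1Server
} else {
    Write-Host 'SMBv1 server is already disabled.'
}

# Host firewall rule (NetSecurity cmdlets exist on Windows 8 / Server 2012 and later).
if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 139,445 -Action Block | Out-Null
    }
    Write-Host "Firewall rule present: $ruleName"
} else {
    Write-Host 'Firewall cmdlets unavailable; close TCP 139 and 445 on the router or firewall instead.'
}

Write-Host ("SMBv1 server enabled after changes: {0}" -f (Get-Smb1ServerState))
```

Running it a second time changes nothing and only reports the current state, so it can double as a check after patching.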

The ransomware is mainly targeting devices that run very old versions of software like Windows XP and which are unpatched. Morey Haber, vice president of technology, BeyondTrust, has the following advice for such users: “For organizations running Windows XP, download the end of life exception patch from Microsoft and apply it immediately. If you do not have patch management solutions or other vehicles to deploy the patch, I would resort to manually installing the patch on critical systems first and then progress throughout the environment. For any unused system that is vulnerable, turn it off. This exploit is not a fire drill and WannaCry is just the exploit’s payload. The sheer fact that this can become worm-able allows for any unpatched system to be a target and the payloads could be much worse than ransomware to provide a persistent presence for a nation state if exploited (that is why the NSA developed it after all).”

But, if you suspect that your computer is infected with malware, do not open any files. Immediately disconnect your computer from the office/home network. Disconnect your device from any external storage device too. To ensure that other computers are not infected, switch off the network.

If you are a victim, you are advised not to pay any ransom, as this does not guarantee the recovery of the encrypted files.

If your device is not infected, then, as a precaution, do not open any links or attachments in suspicious emails.


Originally published at www.hrtechnologist.com.
