What is the WannaCrypt Ransomware Attack?
The WannaCrypt ransomware attack is an ongoing cyberattack targeting the Microsoft Windows operating system. This attack started on Friday, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in bitcoin. The attack has been described by Europol as unprecedented in scale. It is derived from EternalBlue, an exploit discovered by the NSA but never disclosed, and later released by the hacker group “The Shadow Brokers” on April 14th. EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol, which is used to share files across a network of computers.
There are steps you can take to make sure that you are not affected by the WannaCrypt ransomware:
Make sure that you are up to date with all Windows updates, specifically the update that patches the MS17-010 vulnerability. If you are running anything older than Windows 7, I recommend that you update to a newer OS.
Make sure that you are not opening email attachments from strangers or unexpected attachments from known contacts. Email attachments seem to be the main way this attack spreads. Otherwise, it spreads in the network using the SMB vulnerability if it is not patched.
If you don’t rely on file sharing on a network in Windows, then Microsoft recommends disabling SMBv1. For customers running Windows Vista, keep up to date with Microsoft Knowledge Base Article 2696547.
Alternatively, for customers running Windows 8.1 or Windows Server 2012 R2 and later: Open Control Panel, click Programs, and then click Turn Windows features on or off. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window. Restart the system.
For server operating systems: Open Server Manager, click the Manage menu, and select Remove Roles and Features. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window. Restart the system.
Impact of the Workaround
The SMBv1 protocol will be disabled on the target system. To undo the workaround, retrace your steps and select the SMB1.0/CIFS File Sharing Support check box to restore the SMB1.0/CIFS File Sharing Support feature to an active state. Disabling the SMBv1 protocol is a temporary workaround.
Keeping backups won’t necessarily protect you from attack, but it will allow you to recover all your files in a painless and easy way. It’s always a good idea to back up your PC periodically and follow the 3-2-1 rule: have at least three copies of your data, keep two of the copies on two different storage types, and keep at least one copy of the data offsite.
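The SMBv1 workaround above can also be checked and applied from PowerShell instead of the check boxes. This is an added example, not part of the original article or of Microsoft's guidance; the function name Get-Smb1Status is made up for illustration, and it assumes Windows 8.1 / Windows Server 2012 R2 or later and an elevated prompt.

```powershell
# Added example: audit (and optionally disable) SMBv1 from an elevated prompt.
# Get-Smb1Status is a hypothetical name. Assumes Windows 8.1 / Server 2012 R2+.
function Get-Smb1Status {
    [CmdletBinding()]
    param([switch]$Disable)   # without -Disable the function only reports
    $status = [ordered]@{
        ComputerName   = $env:COMPUTERNAME
        ServerProtocol = 'Unknown'   # does the SMB server still accept SMBv1?
        Feature        = 'Unknown'   # "SMB1.0/CIFS File Sharing Support" state
        RestartNeeded  = $false
    }
    # 1. Protocol switch on the SMB server service.
    try {
        $cfg = Get-SmbServerConfiguration -ErrorAction Stop
        if ($Disable -and $cfg.EnableSMB1Protocol) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force -ErrorAction Stop
            $cfg = Get-SmbServerConfiguration -ErrorAction Stop   # re-read to confirm
        }
        $status.ServerProtocol = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    } catch {
        Write-Warning "SMB server configuration: $($_.Exception.Message)"
    }
    # 2. The Windows feature behind the check box. Server editions expose it through
    #    the Server Manager cmdlets, client editions through the optional-feature cmdlets.
    try {
        if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
            $f = Get-WindowsFeature -Name FS-SMB1 -ErrorAction Stop
            if ($f -and $Disable -and $f.Installed) {
                $r = Uninstall-WindowsFeature -Name FS-SMB1 -ErrorAction Stop
                $status.RestartNeeded = ($r.RestartNeeded -ne 'No')
                $f = Get-WindowsFeature -Name FS-SMB1
            }
            if ($f) { $status.Feature = [string]$f.InstallState }
        } else {
            $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            if ($Disable -and $f.State -eq 'Enabled') {
                $r = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
                $status.RestartNeeded = [bool]$r.RestartNeeded
                $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
            }
            $status.Feature = [string]$f.State
        }
    } catch {
        Write-Warning "SMB1 feature state: $($_.Exception.Message)"
    }
    [pscustomobject]$status
}

Get-Smb1Status            # report only; use Get-Smb1Status -Disable to apply
```

If RestartNeeded comes back true, the feature removal only takes effect after the restart the steps above call for.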