safety – How to protect yourself from wcrypt (Wanna Cry)?

Question:

In light of the current news, I decided to ask a question on the topic of how to protect your computer from the popular wcrypt (Wanna Cry / Wana Decrypt0r). Who has data on this topic?

Answer:

Windows Update MS17-010

The virus uses the ETERNALBLUE exploit, which is closed by the Microsoft MS17-010 security update released in March. I recommend checking the update center for such an update (by code) on your computer (for example, the code for Windows 7 will be KB4012212 or KB4012215, or any other monthly set of security quality fixes starting in March (2017) ).

If updates are not installed, you can download them from the official Microsoft website:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

For older systems (Windows XP, Windows Server 2003R2) Microsoft has released special patches:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Closing ports 135 and 445

According to reports from antivirus companies, wcrypt penetrates computers through SMB (Server Message Block) ports. To prevent penetration, we block ports 135 and 445 through which the virus penetrates (in most cases they are not used by ordinary users).

To do this, open the console with administrator rights (cmd.exe -> run as administrator). And we execute 2 commands in it in turn (after each command there should be an OK status)

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"

Disable SMBv1 support

The vulnerability can also be closed by completely disabling SMBv1 support. To do this, just run the following command in the command line running as Administrator (for Windows 8 and higher):

dism /online /norestart /disable-feature /featurename:SMB1Protocol

Antivirus detection

A list of antiviruses that, according to Virus Total dated 05/17/2017, detect wcrypt:

https://virustotal.com/cs/file/b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25/analysis/

Scroll to Top