Ransomware/Virustechnology news

How to Reduce the Risk of WannaCry Ransomware/Virus?

Recently, the “WannaCry” Ransomware breaks out rapidly and asks for the Bitcoins worth of $600 for not wiping your data. It encrypts the data files of *.docx, *.jpg and virtually almost all your data on disks and makes you wanna cry e.g. many students at universities are writing thesis; hospitals’ terminals are locked out …

WannaCry malware allows remote code execution on Windows PCs where the MS17-010 fix is not installed. If you are not affected yet, here is the checklist that you might want to do:

    • Backup your important data/files Immmediately: So the worst case is that you PC is down, but you still have your precious data and can be restored later. You can backup to USB, external harddrive and the most recommended is backup to the cloud via Dropbox, Amazon Drive, Google Drive, OneDrive and etc.
    • Make sure you install the windows updates MS17-010. Turn on automatically the Windows Updates even if you don’t like them.
    • Turn of “Server” service temporarily. And make sure all 445 Ports are turned off. You may run the following command to make sure:
      netstat -ano | findstr ":445"
    • Run the following commands as administrator to enforce a firewall that blocks the WannaCry Ransomeware/Virus
# Windows 7
net stop server /Y 
netsh advfirewall set currentprofile state on 
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp 
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp 

# Windows 10
net stop server 
netsh firewall set opmode enable 
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp 
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp 

# Windows 2003
net stop server 
net start sharedaccess 
netsh firewall add portopening protocol = ALL port = 445 name = DenyEquationTCP mode = DISABLE scope = ALL profile = ALL 

# Windows 2012
net stop server 
net start MpsSvc 
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp 
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp 

# Windows 2016
net stop server 
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp 
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp

Install ‘Security Updates‘ and Keep Safe!