For the past three months, WannaCry ransomware has been a known name across the globe. Majority of the cases related to ransomware have been reported in the United States, Italy and Canada. The malware originated in 2005 with the first case found in the USA.
What is WannaCry ?
Wanna Cry, also known as WannaCrypt, WannaCryptor, and WannaDecryptor, is a type of ransomware. Ransomware is a malicious software that will seal your device (PC, tablet or mobile), infect your files and display a message demanding for ransom. The affected users are asked to pay the ransom amount via Bitcoin or similar payment modes. Following the payment, the files will be released, however, failure to pay the amount will result in damage of data that can’t be repaired. On the other hand, paying the ransom doesn’t ensure retrieval of an encrypted data.
The mode of attack implemented by ransomware includes infecting targets through traditional methods. This comprises of phishing, identity theft, malicious emails, and dodgy attachments. Once the PC has been infected with the malware, the software code checks the system for additional targets through networks and infects the new found victims.
What does WannaCry ransomware do?
There are different kinds of ransomware that might affect your Windows OS but all of them will lock your PC and prevent you from using it normally. In order to restore it to a normal state, the malicious software will demand of something in the form of ransom.
The malware targets any users with Windows OS installed in their home computer or workplace and servers used by a government agency or healthcare department.
- Encrypt files so you can’t access them.
- Prevent you from accessing your Windows system.
- Stops the running of certain apps like your web browser.
Windows OS affected by ransomware
Windows OS that are older and not updated are more vulnerable to be attacked by this particular malware. The following Windows operating systems are named to be more affected by ransomware:
- Windows 8
- Windows XP
- Windows Server 2003
However, if you have installed the latest version of Windows or you are regular on updating your system, the PC is less likely to be infected by the WannaCry ransomware. Listed are a few of the OS that are less susceptible to get infected:
- Windows 10
- Windows 8.1
- Windows 7
- Windows Vista
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
If the recent version of these listed Windows OS have not been updated in a timely manner, there are still high chances of being a target.
But, if your device runs on MacOS, ChromeOS or Linux or mobile operating systems like iOS and Android, you need not worry about this specific threat.
Note: The new tool named WanaKiwi is “able” to decrypt the data locked by ransom software, works on both Windows 2008, 7, XP and Vista, and has been proven effective by some security companies.
11 Ways To Protect Yourself From Wannacry Ransomware
1. Update Windows with the latest software updates
During the month of March, Microsoft released a patch to prevent computer systems from getting infected by WannaCry. However, this was two months before the recent version of ransomware made news in May.
The Patch Windows asked the users to:
- Open the Windows Start menu, type in “windows update”
- Click “Check for Updates” and allow installation of anything marked “Important.”
- Let Windows Update run its course, and then restart the system.
Take a note that if you’ve already installed the Windows Update since mid-March, you should be protected.
Similar patches were released by Microsoft for Windows XP and Windows 8 but they are no longer supported by the company.
You can also download and install the latest security patches available for Windows 8, Windows XP, or Windows Server 2003 from the links given below.
- Windows 8 x86
- Windows 8 x64
- Windows XP SP2 x64
- Windows XP SP3 x86
- Windows XP Embedded SP3 x86
- Windows Server 2003 SP2 x64
- Windows Server 2003 SP2 x86
In case, you are not aware of the operating system, follow the below mentioned steps:
- Go to the “Start menu”, select “Control Panel or Settings” and then click “System”.
- The resulting page will provide details regarding the version of Windows and whether it’s the 32-bit or 64-bit operating system.
- Refer to the patch corresponding to your operating system and follow the instructions.
A latest report from the Security researchers suggested that it was difficult for WannaCry ransomware to infect most of the Windows XP machines. The details explained that ransomware component are functional on XP but the infection-spreading part fails to work across the network.
2. Update Windows Drivers
Alongside keeping your Windows OS updated, it is necessary to ensure that the device drivers of your computer are up-to-date. Inappropriate or outdated drivers are troublesome for the PC.
Hence, it is highly recommended to keep the drivers updated for the better performance of the computer and proper working of the devices.
A smart and easy way to update the drivers is through Driver Restore. The driver updater utility provides a simplistic approach towards optimizing the PC performance.
The driver update software scans the system for an outdated or missing drivers and lists them. The next step includes updating the required drivers. A two-step process will help resolve your concern of outdated drivers.
- Update HP Printer Drivers Windows 10
- Update Audio Drivers in Windows 10, 8, 7, Vista & XP
- Update Drivers in Windows 7 Manually
- Update Drivers Windows 10
3. Backup all your files
Similar to other most common forms of encrypting ransomware, WannaCry, will lock your important files like images, word documents, spreadsheets, emails, database files and movies. The affected files usually include any kind of file created by the user on a regular basis. The malware will restrict the access to these files, while your computer will keep running. The access will only be granted after paying the ransom.
In order to avoid this threat, make sure that you periodically backup those important files in a different location. The best suggested methods include using an external hard disk and online-backup services.
Store your data in the external hard drive for local backups and the cloud network to ensure you don’t lose it by any means. Dropbox is an appropriate cloud based storage software to handle large chunks of data.
Note: To play more safe, manually handle the local backup and switch to the external drive only when you’re backing up to it. A few of the ransomware search for always-on backup drives and encrypts them as well.
4. Turn Windows Update on if it’s disabled
It’s not uncommon for people to disable Microsoft’s automatic updates, especially because earlier iterations had a tendency to auto-install even if you were in the middle of work.
Microsoft has largely fixed that issue with the current version of Windows 10 (the recent Creators Update). If you have disabled automatic updates, head back into Control Panel in Windows, turn on automatic windows updates.
5. Install and run antivirus software
However, installing and running these software alone don’t assure that your PC is totally safe. You need to ensure that other defenses are deployed to prevent WannaCry ransomware.
6. Create and use a limited-user account
Windows permits two kinds of user accounts: Administrator and Limited-user accounts.
The Administrator holds the authority to install, update and remove software, malware that infects the system.
The Limited accounts have no right to alter the computer’s software installations, thus, in most of the cases, malware that affects these limited accounts will be disabled.
As, the Windows create administrator accounts by default, it is advisable to create limited user accounts for every person that uses the system. The Administrator must be strictly used solely for updating, adding or removing software.
To create limited-user account, follow these steps:
Go to Control Panel > User Accounts > Manage User Accounts > Create a limited account.
7. Don’t open unexpected email attachments
It is unknown how WannaCry spreads from one network to another, however, most ransomware infects systems by deceiving users to open malicious attachments to phishing emails.
In case, you receive an email from someone known even, don’t open the attachment. It is suspected that cyber criminals can hijack other people’s email accounts.
If the attachment is important, save it to your desktop without opening it. Once saved, use your antivirus software to scan it for any malware or virus.
8. Change your network settings
It is being considered that WannaCry is using a loophole in Microsoft’s Server Message Block SMB protocol to spread.
SMB protocol enables systems on the same network to share data among each other like files, printers and much more. Disabling or changing the network settings can help achieve a safe position.
The feature can be easily disabled by:
- Go to “Control Panel or Settings” > Network and Sharing Center > Click “Change Advanced Sharing Settings”.
- Under Home or Work, Public and Domain, select the items labeled “Turn off network discovery,” “Turn off file and printer sharing” and “Turn off public folder sharing.”
9. Block TCP port 139 and 445
Here’s the path: Windows Firewall with Advanced Security > Inbound > New Rule > Block > Public
If these ports are used internally, there is no need to check “Domain and Private.” If you are unsure, leave it unchecked.
Complete this for all of your computers. Use a Group Policy or utilize the main firewall. We suggest doing this on all laptops PLUS the main firewall. This is likely helpful in stopping this version of ransomware.
10. Don’t download pirated movies, music or software
A few types of ransomware are spread through media files, software installers posted online. These files broadly include pirated movies, music or software that are more commonly downloaded by users. It is unknown if WannaCry is spread through this medium but you must refrain from downloading such files. In case, required scan them using your antivirus software before opening them.
11. Use Device Encryption
Several times people tend to buy old computer systems or hard drives through online websites. These devices may often contain confidential information of the former user. To prevent the misuse of personal data, make sure to use disk encryption to protect the data using password.
BitLocker for Windows and FileVault for Mac offer guides to enable device encryption.
Can ransomware infect my phone or tablet?
The current form of Ransomware, WannaCry/WannaCrypt infects Windows-run systems. It has been programmed to affect the Windows operating system and the files stored within. The malware is not a threat for mobile operating systems like Android and iOS. However, make sure you don’t open suspicious links or emails on your mobile or tablet devices.
People affected by ransomware are highly recommended to never pay the ransom as it encourages the hackers and there is no surety that the files will be recovered. It is advised that one must follow the suggested precautionary measures to refrain from being affected by the WannaCry ransomware.