How to Anti-ransomware WannaCry

0 nhận xét

Summary:

WannaCry: has a very fast spreading rate in the LAN and on the internet, an infected LAN machine is capable of infecting other machines at 2 ^ n speed. Please do the steps below:
How to Anti-ransomware WannaCry
- First, update the security patches of windows as soon as possible

- Block the SMBv1 protocol (some aunts fault here, actually if block port (below) then this step is thorough, no too not important)
Open cmd with Administrator privileges, paste and then enjoy
dism /online /norestart /disable-feature /featurename:SMB1Protocol

- If you do not need to use a remote desktop connection or smb on the internet, block port 445/139/3389 on the router or if you never use the above two features block directly on windows firewall to prevent the victim scan port of IP you then infected through the vulnerabilities of the two above
+ Continue on cmd, copy one by one and run:

netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=TCP localport=137
netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=TCP localport=138
netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=TCP localport=139
netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=TCP localport=445
netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=TCP localport=137
netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=UDP localport=138
netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=UDP localport=139
netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=UDP localport=445
netsh advfirewall firewall add rule name="Disable RDC" dir=in action=block protocol=TCP localport=3389

Also it is still the same type, ie if accidentally or intentionally run it on the machine even if the patch is still sticky, should be:

- Always install anti-virus in the machine, the famous antivirus programs have updated this child's signature, even the windows defender.

- Do not open files from strange sources, strange links
- If the virus has been found: to find the backup, or not the format is obsolete, after the expiry it is destroying the entire file was encrypted, not scared.

Wanna Cry Ransomware Guidelines to stay safe :
  • Be careful to click on harmful links in your emails.
  • Be wary of visiting unsafe or unreliable sites.
  • Never click on a link that you do not trust on a web page or access to Facebook or messaging applications such as WatSab and other applications.
  • If you receive a message from your friend with a link, ask him before opening the link to confirm, (infected machines send random messages with links).
  • Keep your files backed up regularly and periodically.
  • Be aware of fraudulent e-mail messages that use names similar to popular services such as PayePal instead of PayPal or use popular service names without commas or excessive characters.
  • Use anti virus and Always make have the last update.
  • Make sure your windows have the last update close the gap.
  • Use this link to download update Manual :
The first option is for 64bit system and another option for 32bit system
MS17-010 Update for Windows 10
The first option is a 32bit system and a second option for a 64bit system
Update link for MS17-010 for Windows 7 and Server 2008
Choose the first 64bit system choice or the second 32bit option.
Links Update for MS17-010 for Windows XP and Server2003 and 8

Facebook Comments
Blogger Comments
Share knowledge

Copyright © 2016 - Share knowledge ®