The WannaCry Alert - Stopping a Global Cyber Attack
Criminal hacking groups have repurposed a second classified cyber weapon stolen from US spies and have made it available on the so-called dark web after the success of the WannaCry attack that swept across the globe on Friday.
The hacking tool, developed by the US National Security Agency and codenamed EsteemAudit, has been adapted and is now available for criminal use, according to security analysts.
Ransomware in its current form -- most notably WannaCry/WannaCrypt -- is a Windows-specific form of malware. It's designed to target the Windows operating system and the files contained therein, so it's not a threat to mobile OSes like Android and iOS. That said, you should always exercise the same cautions when it comes to suspicious links in emails and on websites: When in doubt, don't tap.
If you're using a cloud-backup tool like Carbonite, you may be able to recover all your WannaCry-encrypted files by accessing earlier versions of them. And cloud-storage service Dropbox keeps snapshots of all changes made to files in the past 30 days. This is a very good time to investigate whether your online backup or storage provider does indeed keep rollback versions of your files, just so you know whether you have an option other than paying the ransom!
What does WannaCry do?
The attack exploits a vulnerability in older Windows operating systems, namely:
If you're using a more recent version of Windows -- and you've stayed up-to-date on your system updates -- you should not be vulnerable to the current iteration of the WannaCry ransomware:
But the reverse applies, too: If you haven't been keeping those newer versions of Windows updated, you'll be just as vulnerable until and unless you do.
If you're using MacOS, ChromeOS or Linux -- or mobile operating systems like iOS and Android -- you don't have to worry about this particular threat.
If you're using one of the newer versions of Windows listed above (10/8.1/7, etc.) and you've kept your PC up-to-date with automatic updates, you should've received the fix back in March.
In the wake of WannaCry, Microsoft issued rare patches on the older versions of Windows it no longer formally supports to protect against this malware. Here's where you can download these security updates:
Windows 8 x86
Windows 8 x64
Windows XP SP2 x64
Windows XP SP3 x86
Windows XP Embedded SP3 x86
Windows Server 2003 SP2 x64
Windows Server 2003 SP2 x86
The full download page for all Windows versions is available here.
Turn Windows Update on if it's disabled
It's not uncommon for people to disable Microsoft's automatic updates, especially because earlier iterations had a tendency to auto-install even if you were in the middle of work. Microsoft has largely fixed that issue with the current version of Windows 10 (the recent Creators Update). If you have disabled automatic updates, head back into Control Panel in Windows, turn them back on and leave them on.
Install a dedicated ransomware blocker
Don't assume that your current antivirus utility -- if you're using one at all -- offers protection against ransomware, especially if it's an outdated version. Many of the big suites didn't add ransomware blocking until recently.
Not sure if you're protected? Dive into your utility's settings and see if there's any mention of ransomware. Or, do some web searching for the specific version of your product and see if it's listed among the features.
If it's not, or you're pretty sure you don't have any kind of safeguard beyond your patched version of Windows, install a dedicated anti-ransomware utility. Two free options: Cybereason Ransomfree and Malwarebytes Anti-Ransomware (currently in beta).
Block port 445 for extra safety
MalwareTech, whose security analyst on Friday briefly slowed the worldwide attack of the WannaCry ransomware, posted to Twitter that blocking TCP port 445 could help with the vulnerability if you haven't patched your OS yet.
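One way to apply the port 445 block on a single PC with the built-in Windows Firewall, shown as an added example that is not part of the original article. It assumes Windows 8 / Server 2012 or later (where these firewall cmdlets ship) and an administrator PowerShell session; the rule name is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotently block inbound TCP 445 (SMB) until the OS is patched.
# $RuleName is a hypothetical display name chosen for this example.
$RuleName = 'Block inbound SMB TCP 445 (temporary, pre-patch)'

# 1. Report whether anything on this machine is listening on TCP 445.
$listeners = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    $addrs = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
    Write-Host "TCP 445 is listening on: $addrs"
} else {
    Write-Host 'Nothing is listening on TCP 445.'
}

# 2. Create the block rule only if it is not already there; re-enable it if
#    someone switched it off. Block rules take precedence over allow rules.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Any -Enabled True | Out-Null
    Write-Host "Created firewall rule '$RuleName'."
} elseif ($rule.Enabled -ne 'True') {
    Enable-NetFirewallRule -DisplayName $RuleName
    Write-Host "Re-enabled firewall rule '$RuleName'."
} else {
    Write-Host "Firewall rule '$RuleName' is already in place."
}

# 3. Verify. The rule has no effect if the firewall itself is off for a profile,
#    so warn about any profile where it is disabled.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
foreach ($p in $off) {
    Write-Warning "Windows Firewall is OFF for the $($p.Name) profile; the block is not enforced there."
}

# Show the port filter actually attached to the rule (expect TCP / 445).
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

Blocking inbound TCP 445 also stops this PC from serving shared folders and printers to other machines. Once the security update is installed, the rule can be removed with `Remove-NetFirewallRule -DisplayName` and the same name.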