Microsoft Fights Back Against Wanna Cry

Representatives from Microsoft announced this month that they plan to release additional updates to Windows to provide extra protection against attacks similar to that of May’s Wanna Cry incident.

The Wanna Cry ransomware epidemic hit organizations around the world on May 11th, infecting IT systems in over 150 countries by the time it had run its course. Like all ransomware, Wanna Cry encrypted victims’ files and held them for ransom, taking systems offline and stopping businesses in their tracks. Outdated Microsoft systems are especially vulnerable, given that many users are still working with the now 15-year-old XP operating system.

Wanna Cry exploited a vulnerability in Microsoft systems for which Microsoft released an update in March of this year. It goes to show how important proper patch and update management is – if businesses and organizations around the world had installed the update when Microsoft released it, they would’ve had nothing to worry about.

Furthermore, Microsoft will go the extra mile and release security updates for Windows platforms that they otherwise wouldn’t have due to how outdated the software is (Windows XP, Windows 8, and Windows Server 2003).

“We encourage people to take action,” a Microsoft spokesperson said in an email to Fox News. “Customers with automatic updates enabled are protected and no additional action is required…We recommend those on older platforms prioritize downloading and applying these critical updates.”

Beyond simple security updates, it’s worth noting that Wanna Cry penetrated many systems through conventional phishing schemes, in which a fraudulent email requests that the recipient downloads an attachment, or clicks a link. Be sure to follow these tips to keep malware out of your systems:

Ensure that you have a good backup, a respected antivirus, and up to date security patches in place.

These are the fundamentals of a strong cybersecurity defense. Without them, your IT will be vulnerable to a range of threats – it’ll only be a matter of time before you’re hit by ransomware or worse. Be sure to consult a expert if you’re unsure as to the state of your business’ cybersecurity defenses.

Remove SMB1/CIFS

In all systems except for XP and 2003, you likely don’t need SMB1. Why? SMB2 and SMB3 are enough to get the task accomplished. To remove SMB1, click here and follow the PowerShell commands. Alternatively, you can go to your control panel, find “Turn Windows Features On or Off,” and uncheck SMB1/CIFS. If you are dealing with a server this is done through this path: Server Manager > Add Roles and Features > Roles

Patch your computers

Steps 1 and 2 deal with the critical risk, now you can patch your computers, which can take some time. That’s why you should deal with SMB1/CIFS and add firewalls rules before tackling patch updates.

Deal with SMB1 on your file sharing devices

Are you using NAS or other file sharing devices? Ensure they are on SMB 2.1 – assuming that you’re not still using Win XP, 2003, or older operating systems.

Block TCP port 139 and 445 from receiving inbound internet connections

Here’s the path: Windows Firewall with Advanced Security > Inbound > New Rule > Block > Public

If these ports are used internally, there is no need to check “Domain and Private.” If you are unsure, leave it unchecked.

Complete this for all of your computers. Use a Group Policy or utilize the main firewall. We suggest doing this on all laptops PLUS the main firewall. This is likely helpful in stopping this version of ransomware, but it’s a good practice.

Ensure Your Staff Is Aware

Send out a company-wide memo. Make sure it comes from someone who won’t/can’t be ignored. It should say something like…

Attention All:

This WannaCry ransomware is dangerous to your job and our company… (talk about ransomware’s impact).

It is imperative that you follow these guidelines on ALL work computers and ANY personal devices used for work.

  • If you get emails with suspicious attachments; even if it is from people you know do not click on the attachment.
  • No harm in opening the email for reading. Forward any suspicious emails to IT department.
  • Be very cautious of what you click on while browsing. Do not click on random pop-ups!
  • If you accidentally click on a suspicious email or web link, immediately unplug the computer from the network and turn off the WIFI – even before calling IT support.

Is this a lot to consider? Yes. Do you have to handle it all on your own? No! If you have any concerns about your cybersecurity whatsoever, be sure to get in touch with an expert support provider like Data Magic Computer Services right away.

Think about it – if Microsoft is taking Wanna Cry this seriously, so should you. Always be careful, and ensure your systems are up to date. Otherwise, who’s to say it won’t be your business that gets hit by the next version of Wanna Cry?

For more information about protecting your business from ransomware like Wanna Cry, get in touch with Data Magic Computer Services at (469) 635-5500 or datamagic@datamagicinc.com right away.

Contact Info

Connect With Us