It’s Monday, how to avoid being infected with the WannaCry ransomware

The number of victims would rise on Monday when a large number of users will be back at work, then how to protect your systems from the WannaCry ransomware.

The massive WannaCry attack targeted systems worldwide, according to the Europol the number of cyber attack hits 200,000 in at least 150 countries. The number of victims would rise on Monday when a large number of users will be back at work.

Europol Director Rob Wainwright told ITV’s Peston on Sunday program that we are facing an unprecedented attack.

“The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations,” he said.

“At the moment, we are in the face of an escalating threat. The numbers are going up; I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning.”

Experts believe it will be a black Monday, considering also that in the last hours, new versions of the WannaCry ransomware have been detected in the wild with a new kill switch.

The are a few things that must be clear about the threat:

The WannaCry ransomware spread itself within corporate networks, without user interaction, by exploiting the EternalBlue vulnerability in Microsoft Windows.

The ransomware drops mssecsvc.exe binary in the C:\windows folder.

The WannaCry ransomware installs itself as a service and executes these two activities:

files encrypting.
propagating malware through the local network by exploiting a flaw in the SMB protocol via 445 e 139 TCP ports. The malware searches for new machines to infect.

Below a few suggestions to protect your systems:

Against ransomware-based attacks keep your backup up to date.

Install the Microsoft MS17-010 security updates published on March 14.
Keep your antivirus software up-to-date.
Disable, if not necessary, the Server Message Block (SMB) e Remote Desktop Protocol (RDP) services;
To avoid being infected by other ransomware do not open links and attachments embedded in unsolicited email messages.

System administrators urge to apply security updates to the network devices used to protect their infrastructure and identify the threats (e.g. IPS/IDS).

Block any suspicious incoming traffic using SMB and RDP protocols.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – WannaCry ransomware, cybercrime)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.