Posted: Friday, 16 June 2017 @ 15:18
Last month, the IT Community was hit by a destructive
attack. WannaCry is a Ransomware infection, that exploits a hole in the Windows
SMB (Server Message Block) protocol.
This was patched in March this year (Security Update
MS17-010) so if your PCs have updates enabled, you will probably be protected.
Why were big organisations such as the NHS hit?
Primarily, they currently use that are no longer supported,
(or patched), by Microsoft, e.g. Windows XP, (support ended in April 2014) and
Windows Server 2003, (supported ended in July 2015). This happens because
organisations have software that cannot run on modern OS’ (Operating Systems
e.g. Windows 7), so instead migrating away from the software, Trusts continue
to run old operating systems.
If you are infected, disconnect everything from the network.
This can prevent the infection go across the network and cause more damage.
Kaspersky has a tool that you can use to remove the ransomware.
Ransomware Removal
Microsoft
has released a patch for legacy operating systems such as Windows XP and
Windows Vista. The KB that you would need to be looking for in Windows Updates
would be KB4012598.
Additional
Steps
1) Enable Windows Updates and wherever
possible, set it to automatically install updates. If you are a business
customer, we would recommend a patching policy that has security updates tested
and rolled out, In a matter of days.
2) Backup your PCs. This is the most
effective defense if having your files backed up. So, if you are infected, you
can roll back to before the infection, and to protect your machines.
3) Be vigilant: Don’t click attachments
in emails unless you are 100% sure that it is genuine.
4) Local Firewalls – Make sure that
they are enabled on every PC.
5) Corporate Firewalls: Block all
inbound TCP 139 and TCP 445 traffic.
6) Run up-to-date Antivirus and
Anti-Malware.
7) Do NOT pay the ransom, don’t engage
with the perpetrators.