WannaCry: What You Need to Know

Article by Nikolay Pankov, Editor, Social Media Content Factory, Kaspersky Lab

The unprecedented outbreak of Trojan ransomware WannaCry has created a worldwide plague affecting home users and businesses. We have already posted some basics about WannaCry, and in this post we will provide further advice particularly for businesses. It is urgent and critical to know what WannaCry is, how it spreads, what dangers it poses, and how to stop it.

What should I do right now? 

One of the key reasons the Trojan erupted so quickly is that it transmits itself using an exploit, entering through a known Windows vulnerability with no user intervention (mistakes) needed. And once one computer is infected, the malware attempts to spread itself to all other systems in the local network.

Therefore, the very first action to take is to repair the vulnerability. System administrators need to take the following steps:

• Install the Microsoft patch. It’s available not only for Windows 10, but for earlier versions as well: Windows 8, 7, Vista, even Windows XP and Server 2003. This patch closes the vulnerability that the ransomware uses to infect the systems within the local network.
• If, for whatever reason, installing the patch is not possible, close port 445 using the firewall. That will block the worm’s network attack to prevent the infection. However, this measure should be viewed strictly as a stopgap. Closing this port will stop a number of important network services, so it isn’t a true solution.
• Make sure that all systems in your network are protected. This point is vital: If you haven’t patched every system or closed the 445 port, one infected computer may infect all the others.
• You may also use the free Kaspersky Anti-Ransomware Tool, which reliably protects from crypto malware. It can also be used along with other antimalware solutions; it’s compatible with most known security solutions and does not interfere with their operation.