Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Windows SMB users should close some ports to prevent WannaCry
In early May 2017, terrorists who attacked Arianna Grande concert in Manchester and the world became victims of the WannaCry ransomware attack.
WannaCry has infected more than 230,000 computers in 150 countries. It made the British medical service deadlock, causing a blockage of telephone networks in Spain and loss of railroads in Germany. Overall, this is one of the worst cyber attacks the world has to go through.
Now, after 3 months, errors or holes still make ransomware easily spread.
Without super-high technology, WannaCry can easily infect using EternalBlue. It is an exploit developed by NSA of the SMB protocol (Windows Server Message Block).
Microsoft has created patches for millions of computers, including unsupported operating systems like Windows XP. Theoretically, these patches closed the EternalBlue SMB vulnerabilities.
- Prevent WannaCry variants by turning off this Windows 10 installation
- How to recover data encrypted by WannaCry malicious code
However, in reality, it seems they don't work very well. At the annual DEF CON conference last July, security researchers found another security hole. This vulnerability is called SMBLoris and is a remote denial of service attack. It can crash a computer or a server and only use no more than 20 lines of code.
Microsoft believes that this vulnerability should be automatically blocked by the firewall.
So how to protect yourself from ransomware?
SMBLoris affects all SMB types, meaning you must remove SMBv1 from the system completely. You need to block all incoming connections on ports 445 and 139.
You can block ports on the router but there is an easier way - using the Windows Firewall tool. Visit the Control Panel> Windows Firewall> Advanced Settings , right-click on Inbound Rules and select New Rule .
Windows SMB users should close some ports to prevent WannaCry Picture 1
On the next screen, select Port, then select Next. Now, you need to select Specific Local Ports . Enter 445, 139 in the box. Click Next again.
Windows SMB users should close some ports to prevent WannaCry Picture 2
Finally, select Block the Connection , name the new rule and click Finish.
Windows SMB users should close some ports to prevent WannaCry Picture 3
If you want to protect your computer from ransomware, follow the steps above!
Lesley MontoyaYou should read it
- Summary of effective Anti-Ransomware software
- How to close the port / Port 445 on Windows 2000 / XP / 2003 to Windows 10 to prevent ransomware WannaCry
- How to use Kaspersky Anti-Ransomware Tool for Business
- All about WannaCry, Ransomware has been confusing for the past few days
- Enable ransomware Controlled Folder Access on Windows 10
- How to remove / fix ransomware WannaCry
- Microsoft will turn off SMBv1 in Windows Starting this fall
- How to block or unblock programs on Windows Firewall?
- Protect your computer right before the return of two extremely dangerous ransomware
- Instructions to remove WannaCry Ransomware from your computer
- WannaCry remains one of the most dangerous global security threats
- Instructions to block pop-ups in all browsers
Maybe you are interested
What is WannaCry, how to prevent Wanna cry for computers
How to configure a firewall to block the WannaCry ransomware attack
Instructions to remove WannaCry Ransomware from your computer
2 effective and free ways to check WannaCry
List of file names, HASH SHA-256 codes containing WannaCry malware
The attack on Microsoft Exchange increased while WannaCry showed signs of return
Attack the network
Hackers have deciphered Apple's Secure Enclave security chip- Ad Tracker on e-commerce site can flip the Bitcoin transaction mask
- Igexin advertising API brings spyware to steal user information
- Trojan banks surpass the malware defense of Google Play
- New malware-digging tool on Linux devices
- New variant of ransomware Arena Crysis appeared
Hackers have deciphered Apple's Secure Enclave security chip
Ad Tracker on e-commerce site can flip the Bitcoin transaction mask
Igexin advertising API brings spyware to steal user information
Trojan banks surpass the malware defense of Google Play
New malware-digging tool on Linux devices
New variant of ransomware Arena Crysis appeared