Windows SMB users should close some ports to prevent WannaCry
Will ransomware WannaCry come back to attack us? Try closing some of the ports below to prevent ransomware from attacking!
In early May 2017, terrorists who attacked Arianna Grande concert in Manchester and the world became victims of the WannaCry ransomware attack.
WannaCry has infected more than 230,000 computers in 150 countries. It made the British medical service deadlock, causing a blockage of telephone networks in Spain and loss of railroads in Germany. Overall, this is one of the worst cyber attacks the world has to go through.
Now, after 3 months, errors or holes still make ransomware easily spread.
Without super-high technology, WannaCry can easily infect using EternalBlue. It is an exploit developed by NSA of the SMB protocol (Windows Server Message Block).
Microsoft has created patches for millions of computers, including unsupported operating systems like Windows XP. Theoretically, these patches closed the EternalBlue SMB vulnerabilities.
- Prevent WannaCry variants by turning off this Windows 10 installation
- How to recover data encrypted by WannaCry malicious code
However, in reality, it seems they don't work very well. At the annual DEF CON conference last July, security researchers found another security hole. This vulnerability is called SMBLoris and is a remote denial of service attack. It can crash a computer or a server and only use no more than 20 lines of code.
Microsoft believes that this vulnerability should be automatically blocked by the firewall.
So how to protect yourself from ransomware?
SMBLoris affects all SMB types, meaning you must remove SMBv1 from the system completely. You need to block all incoming connections on ports 445 and 139.
You can block ports on the router but there is an easier way - using the Windows Firewall tool. Visit the Control Panel> Windows Firewall> Advanced Settings , right-click on Inbound Rules and select New Rule .
On the next screen, select Port, then select Next. Now, you need to select Specific Local Ports . Enter 445, 139 in the box. Click Next again.
Finally, select Block the Connection , name the new rule and click Finish.
If you want to protect your computer from ransomware, follow the steps above!
You should read it
- Summary of effective Anti-Ransomware software
- How to close the port / Port 445 on Windows 2000 / XP / 2003 to Windows 10 to prevent ransomware WannaCry
- How to use Kaspersky Anti-Ransomware Tool for Business
- All about WannaCry, Ransomware has been confusing for the past few days
- Enable ransomware Controlled Folder Access on Windows 10
- How to remove / fix ransomware WannaCry
- Microsoft will turn off SMBv1 in Windows Starting this fall
- How to block or unblock programs on Windows Firewall?
- Protect your computer right before the return of two extremely dangerous ransomware
- Instructions to remove WannaCry Ransomware from your computer
- WannaCry remains one of the most dangerous global security threats
- Instructions to block pop-ups in all browsers
Maybe you are interested
Facebook Messenger now has a COVID-19 information hub The surprising relationship between climate change - birth rate and consequences Worm can infect Windows system via PDF vulnerability Conficker worm still raging in TM Datacenter data center The spread of malware and how to prevent it 6 steps to plan harmful software counter-attacks