• Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
AnonyViet - English Version
  • Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
No Result
View All Result
  • Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
No Result
View All Result
AnonyViet - English Version
No Result
View All Result
Home Tips

The most detailed guide on how to prevent WannaCry Ransomware

AnonyViet by AnonyViet
February 18, 2023
in Tips
0
0
SHARES
Share on FacebookShare on Twitter

  1. By stream of events:
  2. Watch live cyber attacks around the world
  • What if I get infected with WannaCry Ransomware?
  • By stream of events:

    A group of hackers called Shadow Brokers hacked into the NSA’s systems and pulled out a bunch of data from an NSA-run organization called the Equation Group. In this data, there are many 0-day exploits used by the NSA to attack, spy and steal data of many users, organizations, and governments around the world to serve the public. activityintelligence agency.

    Join the channel Telegram belong to AnonyViet ? Link ?

    The most detailed guide on how to prevent WannaCry Ransomware

    Among them, there is a particularly dangerous 0-day that was publicized last April targeting all versions from XP to Windows 10. This bug targets the Windows SMB (file sharing) service that allows attackers to execute. remote execution, roughly speaking, an attacker can control a remote computer, such as calling up a cmd with SYSTEM privileges, and manipulate it there without the user’s knowledge.

    WannaCry takes advantage of this exploit, when it infects one machine, it scans other machines on the same LAN, and executes the exploit. Once the exploitdc is messed up, no has control and operation on the new machine, it will automatically copy itself to the new machine it can control and run -> continue to execute to all the remaining machines.

    The most dangerous point leading to possible attacks from outside the LAN is that the machines do not turn on the Firewall, block port 445 of smb or disable the File sharing service. Attacker can create a system that automatically scans the public ip range to find machines that open port 445 to perform exploits.

    The most detailed guide on how to prevent WannaCry Ransomware

    Or the attacker can use phising email to trick the user into clicking on the link, or open an attachment containing a dropper, this dropper downloads the exploit code and runs it to create a backdoor, from which the attacker can enter, or simpler. it always download WannaCry and run.

    The difference that makes WannaCry dangerous is that it uses an exploit to expand the infection range, and it should be emphasized that this exploit can create a backdoor with SYSTEM permissions (equivalent to root in Linux) so it has all rights to the system, from disabling AV, disabling Firewall, modifying or deleting system files, disabling protection mechanisms altogether.

    Just one infected node is all the machines in the same network if not updated will stick. It is even more dangerous in Vietnam when users use illegal Win, do not update, disable Firewall, and old windows like XP (MS has stopped supporting XP, but this time still have to release a patch to fix this error). XP)

    Watch live cyber attacks around the world

    The most detailed guide on how to prevent WannaCry Ransomware

    Instructions on how to prevent Ransomware WannaCry

    Note:

    Do not download, do not open any files of unknown origin, especially files: exe, pdf

    Method 1: Update Windows

    The most important thing is that you must Update Windows to update to the latest Microsoft patch. Do it now, don’t wait any longer.

    Method 2: Use the tool RansomFree

    Recently, the company Cybereason just released the RansomeFree tool to help you detect and destroy WannaCry as soon as it appears on your computer.

    If your computer is infected with WannaCry Ransomware, then RansomeFree will also help you limit the spread of other files, avoiding all data encryption.

    Please note: Depending on the location, some files may still be encrypted by the WannaCry ransomware. However, as shown in this video, most of the files are protected, and the ransomware is no longer spreading.

    Or install and update the latest AntiVirus software such as Kaspersky, Avast, Avira…

    Method 3: Block Port

    Use Firewall available on Windows, or the Firewall of antivirus programs blocks the following ports:

    • TCP ports 137, 139, and 445
    • UDP ports 137 and 138

    Use the PowerShell command

    Go to Run: type Powershell and paste the following command

    netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=TCP localport=139
    netsh advfirewall firewall add rule name="Disable SMB" dir=in action=block protocol=TCP localport=445
    netsh advfirewall firewall add rule name="Disable SMB2" dir=in action=block protocol=udp localport=445
    netsh advfirewall firewall add rule name="Disable RDC" dir=in action=block protocol=TCP localport=3389
    netsh advfirewall firewall add rule name="Disable 137" dir=in action=block protocol=TCP localport=137
    netsh advfirewall firewall add rule name="Disable 138" dir=in action=block protocol=TCP localport=138

    Use on the interface

    How to use Firewall on Windows:

    Enter Control Panel –> Firewall

    The most detailed guide on how to prevent WannaCry RansomwareSelect Advanced settings

    The most detailed guide on how to prevent WannaCry Ransomware 19

    Repeat for both

    Inbound Rules and Outbound Rules

    Right click Inbound Rules, select New Rule…

    The most detailed guide on how to prevent WannaCry Ransomware

    Check box Port then press next

    The most detailed guide on how to prevent WannaCry Ransomware

    Continue to select TCP, under Specific local ports: 137,139,445

    The most detailed guide on how to prevent WannaCry Ransomware 22

    Select Block Connection

    The most detailed guide on how to prevent WannaCry Ransomware

    Continue to click Next,

    The most detailed guide on how to prevent WannaCry RansomwareGo to Name You can order anything.

    The most detailed guide on how to prevent WannaCry Ransomware

    Then repeat Step 1 in the same way, block port UDP: 137,138

    Then to Outbound Rulesexecute as Inboud Rules

    Method 4: Turn off SMB mode

    You need to start the Power Shell, go to run and type the PowerShell command

    The most detailed guide on how to prevent WannaCry Ransomware

    Personal computer using Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012

    Copy the command below into PowerShell

    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
    sc.exe config mrxsmb10 start= disabled
    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi 
    sc.exe config mrxsmb20 start= disabled
    Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

    If there is an error, just ignore it, copy it and press Enter

    Server using Windows 8 and Windows Server 2012

    Copy the command below into PowerShell

    Set-SmbServerConfiguration -EnableSMB1Protocol $false
    Set-SmbServerConfiguration -EnableSMB2Protocol $false

    Server use Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008

    Copy the command below into PowerShell

    • Disable SMBv1
      Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
    • Disable SMBv2
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force

    You need to restart computer to finish

    Remove SMB v1 in Windows 8.1, Windows 10, Windows 2012 R2, and Windows Server 2016 using the interface

    Windows Servers: Go to Server Manager

    Server Manager - Dashboard method

    Windows Servers: Using PowerShell

    Remove-WindowsFeature FS-SMB1
    Server PowerShell method

    Personal computer: Go to Control Panel and select Add or Remove Programs

    Add-Remove Programs client method

    Personal computer:

    Use PowerShell

    Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
    Windows Powershell as Administrator

    What if I get infected with WannaCry Ransomware?

    – Immediately disconnect the internet wifi network and the internal LAN to not infect other computers in the network

    – Immediately install RansomFree (in Method 2) to avoid infection

    The article achieved: 5/5 – (100 votes)

    Previous Post

    Instructions to hide Drives with CMD

    Next Post

    Messenger allows sending HD photos – High Quality

    AnonyViet

    AnonyViet

    Related Posts

    Instructions to design your own room using AI RoomGPT
    Tips

    Instructions to design your own room using AI RoomGPT

    March 30, 2023
    [Facebook]Instructions to UnLock Facebook Account
    Tips

    [Facebook]Instructions to UnLock Facebook Account

    March 29, 2023
    Tips

    Bruter Facebook password cracking tool

    March 28, 2023
    DNS Spoofing – Hack Facebook
    Tips

    DNS Spoofing – Hack Facebook

    March 27, 2023
    Instructions to create your own ChatGPT Bot on Telegram
    Tips

    Instructions to create your own ChatGPT Bot on Telegram

    March 27, 2023
    How to use ChatGPT-4 for free on Chrome and FireFox
    Tips

    How to use ChatGPT-4 for free on Chrome and FireFox

    March 27, 2023
    Next Post
    Messenger allows sending HD photos – High Quality

    Messenger allows sending HD photos - High Quality

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    Recent News

    What is uraqt?  What does uraqt stand for?

    What is uraqt? What does uraqt stand for?

    March 30, 2023
    Instructions to design your own room using AI RoomGPT

    Instructions to design your own room using AI RoomGPT

    March 30, 2023
    [Facebook]Instructions to UnLock Facebook Account

    [Facebook]Instructions to UnLock Facebook Account

    March 29, 2023
    Tips to create many attractive hot pot dishes in the game Sugar Hanh Phuc Hot Pot Shop

    Tips to create many attractive hot pot dishes in the game Sugar Hanh Phuc Hot Pot Shop

    March 29, 2023
    What is uraqt?  What does uraqt stand for?

    What is uraqt? What does uraqt stand for?

    March 30, 2023
    Instructions to design your own room using AI RoomGPT

    Instructions to design your own room using AI RoomGPT

    March 30, 2023
    [Facebook]Instructions to UnLock Facebook Account

    [Facebook]Instructions to UnLock Facebook Account

    March 29, 2023
    AnonyViet – English Version

    AnonyViet

    AnonyViet is a website share knowledge that you have never learned in school!

    We are ready to welcome your comments, as well as your articles sent to AnonyViet.

    Follow Us

    Contact:

    Email: anonyviet.com[@]gmail.com

    Main Website: https://anonyviet.com

    Recent News

    What is uraqt?  What does uraqt stand for?

    What is uraqt? What does uraqt stand for?

    March 30, 2023
    Instructions to design your own room using AI RoomGPT

    Instructions to design your own room using AI RoomGPT

    March 30, 2023
    No Result
    View All Result
    • Home
    • News
    • Software
    • Knowledge
    • MMO
    • Tips
    • Security
    • Network
    • Office

    © 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.