Best way to protect against WannaCry

[BiggieShady]

So, where from does John Doe get his malware most often? You know I'm right.

edit:
Oh yeah, another popular way is through link in messenger (looking at you skype) from a friend whose account was hacked or credentials have been stolen/leaked.

 

[NationsAnarchy]

Always have Adblock extension on your browser - and preferably NoScript.
Latest patching, SMB1 disable, Server serivce disable, port blocking (445, 137, 138, 139 I believe).
Antivirus-wise, I'm using AVG Free, doing really well.
And common sense is the most important, don't click on fishy stuff or emails.

 

[Halo3Addict]

The SMB just prevents the worm from hitting you. even with it enabled if you are patched up you should be fine. However the initial infection can also come from an email.

Make sure that you are not opening PDFs and other attachments from stuff you know nothing about. A popular attack vector right now is forged UPS/FedEx emails. Didn't order anything? Then you DON'T have a package waiting.

Yes, I've had a few people click on links from UPS/FedEx that led to brute force attacks on our network. Luckily, we only allow 3 login attempts before locking a user out. It's so easy to to catch most of these things just by taking the time to look over the details. It's pretty obvious (to me) that I shouldn't be opening anything from fffffffff@domain.com saying I have a package.

 

[alucasa]

Common sense should be renamed to rare sense. If common sense is as common as people claim, half of world's problems would be gone.

 

[revin]

So I cant get any critical updates to apply since my copy is not activated, is this crypto thing just from a download or email or is it inside of internet sites somehow spreading just thru the browser?
Confused on just how many ways it is infecting..................................
I'm assuming MSE and Comodo CIS 10 is still up to the task of helping to prevent me from infection.
EDit I tried the disable of SMB not sure if it is or not

 

[R-T-B]

Its really NOT a big deal. Only thing that made this ransomware famous is the fact its source code came from the NSA via a leak.

More the severity and scale of it. Surprisingly few of the people I talk to are even aware it came from an NSA leak, and news outlets barely mention it as an aside.

It does illustrate however why stockpiling exploits instead of reporting them is a HORRIBLE idea.

Someone would have to be scanning obscene IP ranges to find open ports.

This is constantly happening. Fact: If your SMB port is exposed to the internet (it is if you haven't blocked it somehow) and you aren't patched, you are going to be infected sooner or later. It doesn't take THAT long to scan the entire IPv4 port range (probably a week tops). Black hats pretty much do it regularly.

Some good advices but nobody mentioned the first line of defense ... use NoScript and AdBlock Plus browser extensions whenever surfing for porn and warez

Good general advice but actually does nothing for this particular bug/exploit. That's just good common antimalware-in-general advice, not wannacry.

 

[eidairaman1]

i am using IObit Malware Fighter and Defender .......what else should i do?

Look for a certain patch ms has launched, idk if for 10 but it was so critical they released one for XP users...

I also use spyware blaster alongside MWB, SAS.

 

[TheMailMan78]

More the severity and scale of it. Surprisingly few of the people I talk to are even aware it came from an NSA leak, and news outlets barely mention it as an aside.

It does illustrate however why stockpiling exploits instead of reporting them is a HORRIBLE idea.

I agree to an extent. What's a really horrible idea is letting civilian contractors access to classified info. Stockpiling cyber warfare tools is ok......in the hands of the military or the non-civilian branch of our intelligence agencies.

However if we did that some senator somewhere couldn't get kick backs from said contractors.

LET THE LEAKS FLOW.

 

[R-T-B]

I agree to an extent. What's a really horrible idea is letting civilian contractors access to classified info. Stockpiling cyber warfare tools is ok......in the hands of the military or the non-civilian branch of our intelligence agencies.

However if we did that some senator somewhere couldn't get kick backs from said contractors.

The exploits being stockpiled will be discovered inevitably. If it's a software-bug type exploit it should be reported to avoid general damage. Heartbleed wasn't a NSA leak (but the NSA knew about it) and it did a fair bit of financial damage.

I maintain it's just a bad idea. There are other ways to conduct "cyber warfare" (if we even consider that a legit thing) than stockpiling code exploits. They will often end up backfiring and hurting you as well as your enemies.

There may be an editorial coming down the pipe on this and WannaCry. You've been warned.

 

[eidairaman1]

I'm wondering if it's still BITS on W7?

Yes Background Intelligence Service
Askwoody.com/infoworld has info on this crap

 

[R-T-B]

Yes Background Intelligence Service
Askwoody.com/infoworld has info on this crap

I'm unsure what BITS (related to Windows Update transfers) has to do with this at all?

 

[Solaris17]

I'm unsure what BITS (related to Windows Update transfers) has to do with this at all?

it doesnt.

 

[TheMailMan78]

The exploits being stockpiled will be discovered inevitably. If it's a software-bug type exploit it should be reported to avoid general damage. Heartbleed wasn't a NSA leak (but the NSA knew about it) and it did a fair bit of financial damage.

I maintain it's just a bad idea. There are other ways to conduct "cyber warfare" (if we even consider that a legit thing) than stockpiling code exploits. They will often end up backfiring and hurting you as well as your enemies.

There may be an editorial coming down the pipe on this and WannaCry. You've been warned.

Have fun but, remember I will nuke it if its not factual.

 

[R-T-B]

Have fun but, remember I will nuke it if its not factual.

Opinions can never be factual. They can however be substantiated.

 

[TheMailMan78]

Opinions can never be factual. They can however be substantiated.

My opinions are fact.

 

[wiyosaya]

Yep, if you're unpatched and have ports UDP 137/138 and/or TCP 139/445 open to Internet.

Absolutely. Firewalls should block traffic to/from these ports and the internet. If the outgoing ports are not blocked, any smb activity will go out to the internet and basically advertise that there is a pc there.

 

[HTC]

Some of the people here are claiming all one needs is to have antivirus and system updates up to date, but these people forget that it's not enough.

Why? Because for the antivirus companies to have "the antidote" for these viruses, they need to be aware they exist in he 1st place and the same can be said about OS vulnerabilities: if the OS manufacturer is not aware of the vulnerability existence, no updates fix it.

By the time antivirus companies come up with a fix as well as the OS manufacturer, the virus has already spread and, depending on it's propagation efficiency, it can affect quite allot of people / companies before it's stopped, either by an OS patch, antivirus "antidote", whatever else.

Once the OS vulnerability is identified and patched as well as antivirus companies come up with fixes, then and only then all one needs is to have antivirus and system updates up to date.

 

[silkstone]

Putting your computer behind a router with a firewall should be all you need. Just ensure that you don't forward more ports than necessary.
Any program that is open to the internet, keep updated.

I have a Raspberry running most of the services I require remote access to and I can't imagine people spending too much time looking for exploits in Raspbian.

 

[P4-630]

Windows XP PCs infected by WannaCry can be decrypted without paying ransom
https://arstechnica.co.uk/security/2017/05/windows-xp-wannacry-decryption/

 

[RejZoR]

As I've concluded from this thread that just got locked:
https://www.techpowerup.com/forums/threads/how-sure-are-you-about-your-av.233457/

People aren't interested in things that work, they want to run with their narrative, even if it's entirely wrong on so many levels it's not even funny anymore.

For the love of your safety and safety of "neighboring" systems, do the following:
- Keep your OS fully updated at all times
- Use any FREE antivirus from a reputable vendor that has a good track record in reputable tests like AV-Test and AV-Comparatives
- Use RansomFree (It's free, has zero performance impact and is 100% focused on counter ransomware measures and works as additional layer to existing AV)

Don't listen to nay sayers who constantly whine how god damn clever they are and how much you don't need an AV because they know it better than whole teams of security experts. It costs nothing, has negligible performance impact, but can save you so much time and data. You'll thank me one day.

 

[silkstone]

MBAM also has something called anti-exploit free. I'm not sure how good it actually is, but it uses minimal resources.

There was also not much you could do to protect from WannaCry, apart from having a fully patched system and AV.

https://arstechnica.com/security/20...reason-last-weeks-wcry-worm-spread-so-widely/

This adds support to the claim, that no matter how careful you are in your browsing habits, AV is still needed.