Protecting yourself from WannaCry ransomware

[evilsatan]

This may not all be accurate or the best advice but I am sharing what I have, feel free to add to it or amend as you see fit.

The SMBv1 protocol was exploited by EternalBlue (part of the NSA leaked tools), this is enabled by default in all Windows operating systems older than Windows 10/Server 2016. Other platforms should not be affected.

• Use decent security

Ever since Rap recommended it so many years ago on here, Eset has been my security product of choice. Most of my clients have Eset Endpoint Security (or Smart Security in the case of home users), the response from them was this:

ESET’s network protection module was already blocking attempts to exploit the leaked vulnerability at the network level before this particular malware was even created. ESET increased the protection level by adding detection for this specific threat as Win32/Filecoder.WannaCryptor.D; first detected in the 15404 VSDs, released May-12-2017, 13:20 CEST (UTC/GMT +02:00). Prior to that, ESET LiveGrid protected against this particular attack starting around 11:26AM CEST.

Even if you don't want to use Eset general advice is to use a good, premium security suite. I don't know how well they coped with this particular threat but I hear Kaspersky or Bitdefender are both very good alternatives to Eset, or you can check out reports on these apparently unbiased sites:
https://www.av-comparatives.org/
https://www.av-test.org/en/

• Keep Windows up to date

The advice was to keep Windows up to date but in particular you need to patch Microsoft Security Bulletin MS17-010. You can find the relevant patches for operating systems as old as Windows XP here: https://technet.microsoft.com/en-us/.../ms17-010.aspx
Be sure to select the correct architecture, and if it says SP1/SP2 make sure you have that service pack installed or it will not apply the patch. If you use another variant of OS, WHS2011 for example, look what the base OS is. In the case of WHS2011 you will need Server 2008 R2.

Security only patches the flaw only, the rollup includes the patch and some quality updates so up to you which you install. It is worth noting that subsequent months security rollups e.g. April/May do not include previous months patches so you need to install the March patch from the link above. You should also be on at least Windows 7/Server 2008 R2 as older systems are not supported by Microsoft, these patches are one-offs given the severity of this vuln.

• Disable SMBv1

This should help you disable SMBv1, most people should not need it any more.
https://support.microsoft.com/en-us/...ws-server-2012

• Backup your data

You should have an offsite backup of any data you can't afford to lose, preferably this would have versioning too in case your infected files are uploaded and in some cases you may want snapshots (depending what you are backing up).