What to do about WannaCry if you’re infected or if you’re not

Today is likely to be painful for many organizations all over the world that took the weekend off and are returning to the work-week to find hundreds or thousands of computers on their networks encrypted by WannaCry ransomware, which surfaced Friday and has been propagating ever since.

Estimates by law enforcement agency Europol estimated yesterday that more than 200,000 computers in 150 countries were infected, but with the worm continuing to spread to vulnerable Windows machines, that number will surely rise.

For those whose machines have not been infected, here’s what you need to do right away:

  • Apply the Microsoft patch that will thwart the attack. It’s available here.
  • If you can’t do that because you haven’t tested whether the patch will affect your software build, disable Server Message Block 1 (SMB1) network file sharing. That’s where the flaw is that it attacks.
  • Consider closing firewall port 139, 445 or both because these are the ports SMB uses.

Longer term, to guard against similar future attacks you should:

Leave a Reply

Your email address will not be published. Required fields are marked *