How to Prevent and Stop WannaCry Ransomware from Getting Into Your Computer System

Starting on Friday 12 May 2017, thousands of computers were infected by ransomware called WannaCry. WannaCry attacked thousands of computers around the world by encrypting data files such as documents, photos, videos, databases and other files. The attackers ask for $300 to be sent in bitcoin within three days; after three days they double the price to $600, and after 7 days your files will be lost.

Ransomware is a malicious program that demands money from people whose files it has infected. It first encrypts the files and then asks for money to decrypt them. It spreads through the network, if you

How to prevent ransomware programs like WannaCry?

Here are steps to prevent WannaCry ransomware from infecting your computer:

  • Always update your Windows operating system. Microsoft regularly updates its system to improve it and patch security holes that may be exploited by people with bad intentions.
  • Always update your antivirus as well; this is in addition to Windows updates, but it is mandatory. Windows Update alone will not be able to detect viruses and remove them.
  • Do not click any attachment from unknown people. Even if it comes from a person you know, first ask whether he or she really sent the attachment, because some viruses also send email in the name of someone you know.
  • Avoid using USB drives. If you use a USB drive to carry files between home and office, you can use a cloud drive instead, such as Google Drive, Microsoft OneDrive or Dropbox.

Below is a screenshot of a computer infected by the WannaCry virus (ransomware).

How to check if your computer is already protected from the WannaCry attack

If your computer OS is Windows 7

Make sure the patch KB4012212 or KB4012215 is already installed on your computer. You can read about this patch at the link below.

https://support.microsoft.com/en-us/help/4013389/title

Check manually via Control Panel

Open Control Panel > Programs and Features > View installed updates. If you find KB4012212, your computer is protected. Just make sure that your antivirus is also updated.

Check semi-automatically using a WMIC script

To check the local computer, type the following command at the computer's command prompt:

wmic qfe get | findstr "KB4012212"

To check a remote PC:

wmic /node:COMPUTERNAME qfe get | findstr "KB4012212"

You have to log on as an administrator user on the target computer. In my case I only need to log on as local administrator from my computer and run the script. All the administrator accounts have the same password throughout the organization.

Windows patch for Windows Server 2008 system

Windows Server 2008 32 bit:

Windows6.0-KB4012598-x86.msu

Windows Server 2008 64 bit:

Windows6.0-KB4012598-x64.msu

Windows Server 2008 Itanium based:

Windows6.0-KB4012598-ia64.msu

If you still have any Windows 2003 servers or any XP computers:

You have to manually install a patch from the following website. https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

If your server is Windows Server 2008 R2 (all editions)

Windows Server 2008 R2 x64 based:

Windows6.1-KB4012212-x64.msu

or

Windows Server 2008 R2 x64 based:

Windows6.1-KB4012215-x64.msu
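
The wmic checks above look for one KB on one machine at a time. The following PowerShell function is an added example (not part of the original post) that checks a list of computers for any of the three KB numbers named on this page and reports hosts that could not be queried. It assumes PowerShell 3.0 or later and an account with administrator rights on each target; the function name and the computer names in the comments are hypothetical.

```powershell
# Added example: report whether any of the updates named in this post is installed.
# KB IDs come from this page; Test-WannaCryPatch is a hypothetical helper name.
function Test-WannaCryPatch {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string[]]$KbId = @('KB4012212', 'KB4012215', 'KB4012598')
    )
    foreach ($computer in $ComputerName) {
        try {
            # Fetch the installed-update list once and filter locally;
            # Get-HotFix -Id raises an error when the ID is not installed.
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop
            $found = @($installed |
                Where-Object { $KbId -contains $_.HotFixID } |
                Select-Object -ExpandProperty HotFixID)
            $status = 'KB not found'
            if ($found.Count -gt 0) { $status = 'Patched' }
            [pscustomobject]@{
                Computer = $computer
                Status   = $status
                Detail   = $found -join ','
            }
        }
        catch {
            # Host offline, remote query blocked by a firewall, or access denied.
            [pscustomobject]@{
                Computer = $computer
                Status   = 'Query failed'
                Detail   = $_.Exception.Message
            }
        }
    }
}

# Local machine only:
Test-WannaCryPatch | Format-Table -AutoSize

# Several machines ('PC-01' and 'PC-02' are placeholder names):
# Test-WannaCryPatch -ComputerName 'PC-01', 'PC-02' |
#     Export-Csv patch-report.csv -NoTypeInformation
```

A machine that received a later cumulative rollup instead of these specific updates will show "KB not found", so treat that status as a prompt to check further rather than proof that the machine is unpatched.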

How to cure a computer that is already infected?

We don’t yet have information about how to remove the WannaCry ransomware from a computer that is already infected. When we have the information, we will update this post immediately.

How to prevent WannaCry from spreading

Luckily, a 22-year-old from the UK, MalwareTech (https://twitter.com/MalwareTechBlog), has stopped the WannaCry ransomware by registering a domain name that is contained in the virus code.

Read here: http://www.telegraph.co.uk/news/2017/05/14/revealed-22-year-old-expert-saved-world-ransomware-virus-lives/

If that domain is pinged and the reply is "not found", the virus keeps spreading; conversely, it stops when the domain is already registered. Registering the domain name cost only about $10.

As the spread of the virus has already stopped, do I still need to update my system and install the patches above?

Yes, you definitely still need those patches and updates, because I am sure the creator of the virus will create new code, change the domain, etc.

By keeping your Windows system updated, you minimize the chance of being infected by other ransomware in the future.