Easy Step-by-Step Protection Against Wannacrypt (guide with pictures)
In the wake of cyber attacks, everyone should protect themselves against Wannacrypt and other malware and worms like it. Any gamer or PC user knows that securing their device is paramount. Here are easy DIY steps you can do in 10-20 minutes.
A few days ago, some parts of the world woke up unable to use their PCs because of ransomware that infected hospitals, banks, airlines, telcos and various government offices. That hospitals were left destabilized by the attack is horrifying. The irony: this malware variant was a monster brewed using the EternalBlue exploit and the DoublePulsar backdoor, once developed by the US National Security Agency according to Edward Snowden. The ransomware uses the DoublePulsar backdoor, arrives through a phishing attack and, if the killswitch is absent, encrypts the data on the infected device, blocking access to it. It then spreads across the network through the exploit in Microsoft Windows' Server Message Block protocol.
As of this writing, Microsoft has released a new security update for Windows 10, Windows 8, Windows XP, Windows Server 2008 onwards and Windows Embedded POSReady 2009, excluding much older unsupported Windows XP. According to the released security updates, the ransomware's execution can now be prevented. BUT the exploit is still open: an officemate or household member whose machine is infected by malware or a trojan like it can still spread it to your network. Here are the steps to completely block it off and disable it. Disclaimer: These are combinations of official guides I found from Microsoft, antivirus, antimalware and forums; the screenshots below are mine, as I tried it myself.
Windows Update (priority)
1. If you haven't done this already, it is very important that you update your Windows now. Do this easily by typing "updates" in the search bar beside the Windows logo as follows:
2. You may need to restart your machine to apply the updates. It will take a few minutes, depending on how often you update your Windows and how fast your system is. Go back to Windows Update again to make sure you have everything; usually it will say something like "up to date".
Install a security software
Of course, this is a no-brainer: you need to have one installed. Don't worry, there are free ones out there. My personal rule of thumb: do not install two or more antivirus products on the same machine, to avoid conflicts and false negatives that leave you more confused than protected. Stick to one trusted antivirus and a compatible anti-malware. If you have Windows 7, Windows 8 or Windows 10, you don't need to buy one, and if you trust Microsoft enough, you can download these for free. Google for "Microsoft Security Essentials" or "Windows Defender", install it from Microsoft's official website, then run, update and scan your machine. Now let us do some tweaking.
Why do we need to close Server Message Block (SMB)?
According to the WindowsClub, SMB or port 445 is defined as "the system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network." If your PC or laptop is a house, SMB port 445 is like an open window: you can use it to see the view outside and wave to passing people, but it can also be an entrance for thieves and sneaky neighbors. Port 445 is usually left open to allow communication with other devices in your network, which also lets worms and malware spread, and Wannacrypt did just that.
You have the option to undo this step when you need to open and access your network shared stuff like printers, server files etc. Remember the house analogy: you can open this window again as soon as you have got rid of your sneaky neighbor. But close this port if your roomie or intern is a frequent visitor of torrent and porn sites, which are havens for phishing websites, auto-open files, and auto-download malware. It would be wise to use a secure USB stick or cloud storage service for file sharing, and to print your stuff through a dedicated old machine or Bluetooth.
The Watchers of FireWall
1. Use the search beside the Windows logo and type "Firewall" and choose "Windows Firewall"
2. Enable it by selecting the box like below and click OK to proceed, restart if needed
The backDoor
1. Search for "firewall" again as in Step 1, but this time select Firewall with Advanced Security
2. From this panel, select the "Inbound Rules" and click "New Rule.."
3. Select Port, click Next
4. We are going for both, but let's do TCP first, type 445 in the field
5. Select Block the connection then proceed to Next
6. Select all options Domain, Private & Public, and go Next
7. You can name it whatever you want, like "The Legendary Thwarting of One Sneaky Bastard", but to remember it properly, I simply named mine TCP 445 with the description as below
Now that we are done with the closure of TCP, let us proceed to UDP
Battling the Bastards
These are the same as the previous steps, but bear with me.
1. From the Firewall with Advanced Security, select the "Inbound Rules" and click "New Rule.." again
2. Select Port, click Next
3. Now let's do UDP, type 445 in the field
4. Select Block the connection then proceed to Next
5. Select all options Domain, Private & Public, and go Next
6. Again you can name it whatever you want, like "The Twins, The Impregnable", but to remember it properly, I will again simply call mine UDP 445 with the description as below
Holy goat we just closed port 445, now what? You can check both listed among the Inbound Rules shown below:
You may need to restart your machine, but for now, let us deal with the vulnerability fix.
The Winds of Features
We know by now that we can easily reach a specific part of Control Panel or a Windows function through search instead of going through panel after panel. The last thing to do is to disable the SMB feature on Windows, which uses port 445.
1. Now search for "windows features", click the best match shown here
2. On Windows Features, deselect the SMB1.0/CIFS File Sharing, click OK
3. The Windows Features will have a progress panel and will require a restart as shown here:
Save whatever you were doing before and Restart Now or later.
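The firewall and Windows Features steps above, scripted as an added example (not part of the original guide). It assumes Windows 8.1 or 10 with the built-in firewall and optional-feature cmdlets, an elevated PowerShell prompt, and it reuses the rule names "TCP 445" and "UDP 445" from the steps.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps in this guide.
# Assumes Windows 8.1/10; the rule names follow the ones chosen in the steps above.

# 1. Turn Windows Firewall on for every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 2. One inbound block rule per protocol; skip a rule that already exists
#    so the script can be re-run without creating duplicates.
foreach ($proto in 'TCP', 'UDP') {
    $name = "$proto 445"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        $rule = @{
            DisplayName = $name
            Description = "Block inbound SMB on $proto port 445"
            Direction   = 'Inbound'
            Protocol    = $proto
            LocalPort   = 445
            Action      = 'Block'
            Profile     = 'Domain, Private, Public'
        }
        New-NetFirewallRule @rule | Out-Null
    }
}

# 3. Disable the SMB1.0/CIFS optional feature (takes effect after a restart).
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($smb1.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# 4. Verify: firewall state, both rules with their port filters, feature state.
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -DisplayName 'TCP 445', 'UDP 445' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Action    = $_.Action
        Protocol  = $port.Protocol
        LocalPort = $port.LocalPort
    }
}
(Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
```

To undo the port block when you need network sharing again, remove the two rules with `Remove-NetFirewallRule -DisplayName 'TCP 445','UDP 445'`.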
To recap, what we did here is the following:
A) Updated your gaming machine to the latest Windows security updates,
B) Installed free Windows security software, and
C) Closed/disabled SMB port 445, which will now prevent you from sharing files in your network since you just closed that "window", but keeps you safe from the grasp of malware, trojans, viruses or ransomware like Wannacrypt spreading in your network.
Remember you are still vulnerable from the internet, so be vigilant about opening files or visiting malicious websites. Install a pop-up blocker or web browser protection from Microsoft security software. Let me know via comments if you encountered a problem applying these steps.