Here is a list of Do’s and Don’ts which you should follow to keep your computer safe:
- You need to immediately install the May Windows Update bundles. Shutting down your system for a few minutes will be worth it, if it enables you to avoid this. If you’re still using Windows XP, you’re out of luck, but the March and April update bundles are available for Windows Vista. Also, Microsoft has released a patch for Windows XP and its server counterpart Windows 2003.
- In order to prevent the infection, users and organisations should apply relevant patches to Windows systems as mentioned in the Microsoft Security Bulletin MS17-010. The malware has been targeting commonly used office file extensions such as .ppt (PowerPoint), .doc and .docx (Word), .xlsx (Excel), and image file extensions such as .tiff, .raw, among various other common file types for archiving, emails, databases, etc.
- This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).
- As part of the best practices to prevent ransomware attacks, users should maintain an updated antivirus software, regularly check for integrity of the information stored on databases, to not open attachments in unsolicited e-mails, restrict users’ ability to install and run unwanted software applications, among various others.
- Individuals or organisations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and law enforcement agencies.
- Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
- CERT-In advisory: Block SMB ports on Enterprise Edge/perimeter network devices [UDP 137, 138 and TCP 139, 445] or Disable SMBv1. http://support.microsoft.com/en-us/help/2696547
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organisation’s website directly through browser
Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.
USE THESE TOOLS:
Tool (NoMoreCry) to prevent Wannacry Ransomware by CCN-CERT:
Malwarebytes Anti-Ransomware(formally Crypto Monitor)
Trendmicro Ransomware Screen Unlocker tool
Microsoft Enhanced mitigation and experience toolkit(EMET)