The battle against the WannaCry ransomware continues. (In many spaces it's referred to as WannaCrypt. There appears to be no substantive difference between the two.)
The attack, which started on Friday, locked people out of their computers and encrypts their files, demanding they pay up to $300 in bitcoin -- a price that doubles after three days -- to receive a decryption key or risk losing their important files forever. What's worse is the malware also behaves like a worm, potentially infecting computers and servers on the same network.
The ransomware was slowed by a security analyst last week after discovering a kill switch in its code, but has since been updated without the kill switch, allowing it to grow further. WannaCry has now reached more than 150 countries and 200,000 computers, shutting down hospitals, universities, warehouses and banks.
Though it might seem to be an issue for only businesses, institutions and governments, individuals are at risk, too, as WannaCry targets a Windows operating system flaw in older versions of the OS that have not been patched.
Important hat tip: The information herein comes largely from How to defend yourself against the WannaCrypt global ransomware attack by ZDNet's Charlie Osbourne.
These OSes are affected
The attack exploits a vulnerability in older Windows operating systems, namely:
- Windows 8
- Windows XP
- Windows Server 2003
If you're using a more recent version of Windows -- and you've stayed up up-to-date on your system updates -- you should not be vulnerable to the current iteration of the WannaCry ransomware:
- Windows 10
- Windows 8.1
- Windows 7
- Windows Vista
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
But the reverse applies, too: If you haven't been keeping those newer versions of Windows updated, you'll be just as vulnerable until and unless you do.
If you're using MacOS, ChromeOS or Linux -- or mobile operating systems like iOS and Android -- you don't have to worry about this particular threat.
Update Windows immediately
If you're using one of the newer versions of Windows listed above (10/8.1/7, etc.) and you've kept your PC up-to-date with automatic updates, you should've received the fix back in March.
In the wake of WannaCry, Microsoft issued rare patches on the older versions of Windows it no longer formally supports to protect against this malware. Here's where you can download these security updates:
- Windows 8 x86
- Windows 8 x64
- Windows XP SP2 x64
- Windows XP SP3 x86
- Windows XP Embedded SP3 x86
- Windows Server 2003 SP2 x64
- Windows Server 2003 SP2 x86
The full download page for all Windows versions is available here.
Turn Windows Update on if it's disabled
It's not uncommon for people to disable Microsoft's automatic updates, especially because earlier iterations had a tendency to auto-install even if you were in the middle of work. Microsoft has largely fixed that issue with the current version of Windows 10 (the recent Creators Update). If you have disabled automatic updates,, head back into Control Panel in Windows, turn them back on and leave them on.
Install a dedicated ransomware blocker
Cybereason Ransomfree is a free utility designed to block threats like WannaCry.
Don't assume that your current antivirus utility -- if you're using one at all -- offers protection against ransomware, especially if it's an outdated version. Many of the big suites didn't add ransomware blocking until recently.
Not sure if you're protected? Dive into your utility's settings and see if there's any mention of ransomware. Or, do some web searching for the specific version of your product and see if it's listed among the features.
If it's not, or you're pretty sure you don't have any kind of safeguard beyond your patched version of Windows, install a dedicated anti-ransomware utility. Two free options: Cybereason Ransomfree and Malwarebytes Anti-Ransomware (currently in beta).
Block port 445 for extra safety
MalwareTech, whose security analyst on Friday briefly slowed the worldwide attack of the WannaCry ransomware posted to Twitter that blocking TCP port 445 could help with the vulnerability if you haven't patched your OS yet.
