Prevent yourself from falling victim to WannaCry Ransomware

What is WannaCryptor?

On May 12, 2017, a ransomware attack known as WannaCryptor aka WannaCry (detected by ESET as Win32/Filecoder.WannaCryptor.D) spread rapidly across the globe.

When WannaCryptor touches a user’s computer, it encrypts all its files, effectively locking them up and making them unavailable to the victim. A ransom is demanded in the form of Bitcoin in exchange for restoring access to the files.

The price for unlocking the data and hardware increases with time. If the payment isn’t made by the deadline, the computer is rendered permanently inaccessible.

According to Michael Aguilar, a business security specialist at ESET, WannaCryptor, also known as WannaCry and Wcrypt, is “unlike most encrypting-type malware: this one has wormlike capabilities, allowing it to spread by itself”. He also offers some sage advice in his
post on how to protect yourself. ESET clients were already protected by ESET’s network protection module.

ESET products can detect and block this malware. We strongly recommend that you follow the suggestions below to ensure the highest level of security on your computer:

  • You must have the latest Windows operating system updates and patches
  • Make sure that ESET Live Grid is enabled in your ESET product
  • Make sure that your ESET software is upgraded to the latest version and running most up-to-date detection engine
  • Do not open attachments sent to you in emails from unknown senders. We also recommend that you avoid opening unsolicited email attachments from someone you know and trust
  • Warn colleagues who frequently receive emails from external sources – for instance financial departments or Human Resources
  • Regularly back up your data. In the event of infection, this will help you recover all data. Do not leave external storage used for backups connected to your computer to eliminate the risk of infecting your backups. If your system requires Windows Updates to receive the patch for this exploit, create new backups after applying the patch
  • Disable or restrict Remote Desktop Protocol (RDP) access (see Remote Desktop Protocol best practices against attacks)
  • Disable macros in Microsoft Office
  • If you are using Windows XP, disable SMBv1

For more information, please visit ESET Knowledgebase
For business support enquiries, please visit ESET Support