Before beginning, I need to state that CyberHunter Solutions Clean Mail Service could have prevented this WCRY attack in the first place. And if you didn't have our CleanMail service, then you also could have used our cyber threat hunting solution that forensically investigates for these exact types of infections... BEFORE THE ATTACK BEGINS.
Anyhow, if your vulnerable system is not directly exposed to the internet, then like most malicious campaigns, this type of ransomware could arrive as an email attachment or as a download on your computer. For your system to become infected, you'll have to click on or download the attachment or file, which causes the program to run and infect your computer with ransomware.
How to prevent being attacked
According to security company Bitdefender, follow these five steps:
1. Disable your computer’s Server Message Block service.
2. Install Microsoft’s patch.
3. Back up your data on an offline hard drive.
4. Install all Windows updates.
Trend Micro has also chimed in by publishing a very simple tool that checks whether your Windows system has been patched properly and also allows you to disable the SMBv1 protocol.
Trend Micro WCRY Simple Patch Validation Tool: this simple tool performs two functions – (1) checks a local machine to see if Microsoft's MS17-010 patch has been successfully applied; and (2) offers the user an easy way to disable SMB v1 on the local machine via a registry key. It is designed as a quick tool for users who may not have other easy means to validate the system patch or disable SMB v1. (SHA-256: 6f8e6dd35155f68f0c20acf214e2d3523bde25cb65ed922832d76542107bad24)
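For administrators who would rather check the SMBv1 setting by hand, the following PowerShell sketch audits and, on request, disables the SMBv1 server on the local machine. It is an added example, not Trend Micro's tool or code from this page, and it does not check for the MS17-010 patch; the function names `Get-Smb1ServerState` and `Disable-Smb1Server` are hypothetical, while the registry value and SMB cmdlets are the standard Windows ones.

```powershell
# Added example (hypothetical function names). Run from an elevated PowerShell prompt.
$Smb1Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Registry view: on Windows 7 / Server 2008 R2 and earlier an absent SMB1
    # value means the SMBv1 server is enabled by default.
    $reg = Get-ItemProperty -Path $Smb1Key -Name SMB1 -ErrorAction SilentlyContinue
    $registryState = if ($null -eq $reg) { 'NotSet' } elseif ($reg.SMB1 -eq 0) { 'Disabled' } else { 'Enabled' }

    # Cmdlet view: available on Windows 8 / Server 2012 and later.
    $cmdletState = 'Unavailable'
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cmdletState = if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    }

    # Prefer the cmdlet's answer when it exists; otherwise fall back to the registry.
    $enabled = if ($cmdletState -ne 'Unavailable') { $cmdletState -eq 'Enabled' } else { $registryState -ne 'Disabled' }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        RegistrySMB1 = $registryState
        CmdletSMB1   = $cmdletState
        Smb1Enabled  = $enabled
    }
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Newer Windows: change the live server configuration.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Older Windows: set the registry value; the change applies after a restart.
        Set-ItemProperty -Path $Smb1Key -Name SMB1 -Value 0 -Type DWord
        Write-Warning 'SMB1 set to 0 in the registry; restart the machine for it to take effect.'
    }
    Get-Smb1ServerState
}

# Report the current state; call Disable-Smb1Server explicitly to change it.
Get-Smb1ServerState | Format-List
```

Disabling SMBv1 can break file sharing with very old clients and devices that speak only that protocol version, so check `Smb1Enabled` across the estate before switching it off everywhere.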