Several destructive ransomware variants (including WannaCry, Locky, CryptoLocker, CryptoDefense, CryptoWall, CTB-Locker, etc.) have appeared and are kidnapping computers around the world. The number of ransomware infections has been increasing!
- WannaCry encrypts files on victims' computers and adds a .WCRY file extension to them.
- Data will be unrecoverable due to encryption by ransomware.
To date, there is NO effective method to decrypt all the kidnapped files.
Actions Preventing WannaCry Attack
To protect your computer from harm, please remember:
Firewall (For IT support ONLY)
- Ensure the latest signature has been applied on the IPS.
- Ensure the PC has up-to-date Windows updates.
- Disable SMBv1 - https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
- [Reminder] The 'System Watcher' function should be enabled in Kaspersky anti-virus software. 'System Watcher' can roll back unwanted changes such as file encryption.
- Ensure the anti-virus software is up to date.
- Same as Windows Client
- Block incoming traffic to Port 445 in Windows Firewall if no SMB service is needed
ITSC has applied IP filtering to a list of TOR (Threat of Release) sites. Please report to ITSC if you (or your users) cannot access any legitimate websites.
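The SMB items in the checklist above (disable SMBv1, block inbound port 445 where no SMB service is needed) can be audited from an elevated PowerShell prompt. This is an added example, not part of the original ITSC notice; the switch names and the firewall rule name are made up for illustration, and it assumes Windows 8 / Server 2012 or later, where the SMB and firewall cmdlets used here are available.

```powershell
# Added example: audit, and optionally fix, the SMB hardening items above.
# Switch names and $ruleName are illustrative, not from the ITSC notice.
param(
    [switch]$DisableSmb1,      # turn off the SMBv1 server protocol
    [switch]$BlockSmbInbound   # add a block rule; use only if no SMB service is needed
)

$ruleName = 'Block inbound SMB TCP 445 (example)'

# 1. Is the SMBv1 server protocol still enabled?
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Is the machine listening on TCP 445 at all?
$listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

# 3. Is there an enabled inbound block rule for exactly TCP 445?
#    (Rules written as a port range, e.g. "440-450", are not matched here.)
$blockRule = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
    }

# 4. When was the most recent Windows update installed?
$lastHotfix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

if ($DisableSmb1 -and $smb1Enabled) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
}

if ($BlockSmbInbound -and -not $blockRule) {
    # Windows Firewall block rules take precedence over allow rules.
    $blockRule = New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block
}

# Summary: any $true in the first column, or $false in the third, needs attention.
[pscustomobject]@{
    Smb1ServerEnabled  = $smb1Enabled
    ListeningOnTcp445  = $listening
    Inbound445Blocked  = [bool]$blockRule
    LastUpdateHotFixID = $lastHotfix.HotFixID
    LastUpdateInstalled = $lastHotfix.InstalledOn
}
```

Run it with no switches to report only; for older systems such as Windows 7, follow the Microsoft article linked in the list above instead.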
As a Victim:
If your computer has unfortunately been kidnapped by ransomware, please:
- Disconnect your computer IMMEDIATELY from both wired and wireless networks to avoid further impact on the shared network.
- Use another clean computer to change all the passwords (such as email, e-banking, etc.) which have been used or saved on the infected computer.
- DO NOT respond to any kidnapper by attempting payment; instead, report the incident to ITSC and the Police.
- Prepare a clean computer and restore the files and data from the backup.
- [HKCERT] Security Bulletin on "WannaCry Ransomware Encrypts Victim Data"
- Microsoft Security Bulletin MS17-010 – Critical
- Other Ransomware Variants
Please visit here for more Information Security tips.