0

What is a ransom ware and how to protect from it as of my previous post here


What is ransomware?

Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it.

How does it work?

When a computer is infected, the ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn’t get paid, often with a timer attached to ramp up the pressure.

How does it spread?

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.

How is the NSA tied in to this attack?

Once one user has unwittingly installed this particular flavour of ransomware on their own PC, it tries to spread to other computers in the same network. In order to do so, WanaCrypt0r uses a known vulnerability in the Windows operating system, jumping between PC and PC. This weakness was first revealed to the world as part of a huge leak of NSA hacking tools and known weaknesses by an anonymous group calling itself “Shadow Brokers” in April.

Was there any defence?

Yes. Shortly before the Shadow Brokers released their files, Microsoft issued a patch for affected versions of Windows, ensuring that the vulnerability couldn’t be used to spread malware between fully updated versions of its operating system. But for many reasons, from lack of resources to a desire to fully test new updates before pushing them out more widely, organisations are often slow to install such security updates on a wide scale.

HOW TO PROTECT YOURSELF FROM RANSOMWARE Wannacfy@2.o
URGENT: Protection against WannaCry Malware
If you don't know what this is, Google "WannaCry".
=================================
This is only for Win 8 or higher
=================================
1- Start Menu
2- Search for windows power shell
3- Run it as admin
4- Paste this using right click then press Enter
Set-SmbServerConfiguration -EnableSMB1Protocol $false
5- Paste this to check then press Enter
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
ransomware_pic_with_powershell
If #5 shows you that SMB1 is false like the 2nd pic, you're good to go, if not then lemme know so I can explain further or guide you through.
And make sure you install the latest updates because Microsoft patched it.



Next
This is the most recent post.
Previous
Older Post

Post a Comment

Thanks for your comment..!!

 
Top