Windows 10: WannaCry

I saw on TV that the WannaCry Ransom Virus will be blocked if your Windows Updates are up-to-date.

Which upgrade do I need stop the latest ransom from England or where ever?

I just received my last Update around 5/11/2017. The only thing different, that I see, is that the border around the Windows was black now it's no color (flat).

Is this the one with ransom update?

I had this virus before. It's easy to get out with Kaspersky. But you will loose all your document if you haven't backed them up.

Don Cole

:)

 

How can I decrypt wncry files?

You currently cannot decrypt your files for free.

Please see:
https://www.bleepingcomputer.com/virus-removal/remove-wannacry-wana-decryptor-ransomware

If you need more help, best to ask here:
Wana Decryptor 2.0 / WannaCry Help & Support Topic.

 

Does Wannacry virus work on all drives

WannaCry is a worm that spreads by exploit in a weakness found in Microsoft Windows
which was formerly exploited by the US National Security Agency (NSA) and targets unpatched systems. The WannaCry worm speads via an operation targeting vulnerable SMB ports and then uses the NSA-leaked exploit to infect a network.

• WannaCrypt ransomware worm targets out-of-date systems
• Wana Decrypt0r Ransomware Using NSA Exploit Leaked by
  Shadow Brokers
• Say Hello to 'WannaCry'
• Ransomware infections reported worldwide
• WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
• The worm that spreads WanaCrypt0r
• How did the WannaCry Ransomworm spread?

According to
Cisco Talos, WannaCry encrypts everything in terms of connected or networked devices..."it checks for disk drives, including network shares and removable storage devices mapped to a letter, such as 'C:/', 'D:/' etc."

Microsoft Customer Guidance for WannaCrypt attacks

How to Protect yourself from the WannaCry or Wana Decryptor Ransomware

How to protect yourself from WannaCry ransomware

 

I think the previous month's update was the first to have the fix in it. If Windows Update says you are up to date then you're protected.

 

That is partially true. Windows updates prevent you from being infected by this without your intervention.
But you could still get infected, if you would run it by yourself, like by running an unknown email attachment.

That is why, you always need to do regular backups. AV will usually not detect it, until after it is too late.

 

Hi Don,
Just to be clear:
The WCry ransomware does 2 things:
1. it encrypts your data for a ransom
2. it spreads via a worm which exploits an SMB1 vulnerability
So, updating your system closes the SMB1 vulnerability and prevents the thing from spreading, but it can still infect your system.

See this post for the link to the Security Bulletin:
Privacy and Security – How do I Protect Myself ? - Page 4 - Windows 10 Forums

You want to make sure the particular KB is installed for your OS.
.

 

Another option is to simply disable SMB1 in Windows, to prevent spreading.





This will not, however, prevent encryption.

 

Do any essential programs / services need SMB 1.0 support?

 

I can't remember exactly, but seems someone said you might lose access to a NAS if it's setup that way (which supposedly it shouldn't be?) Not too sure - would have to google that myself. *Wink

 

Here is some information on SMB 1.0 Hope this explains it a little more.

If you don’t need to support an older SMB version for computers running Windows XP or Windows Server 2003, you can disable this function to reduce the system load and improve security

The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage.

When you use SMB1, you lose key protections offered by later SMB protocol versions:

Pre-authentication Integrity (SMB 3.1.1+). Protects against security downgrade attacks.
Secure Dialect Negotiation (SMB 3.0, 3.02). Protects against security downgrade attacks.
Encryption (SMB 3.0+). Prevents inspection of data on the wire, MiTM attacks. In SMB 3.1.1 encryption performance is even better than signing!
Insecure guest auth blocking (SMB 3.0+ on Windows 10+) . Protects against MiTM attacks.
Better message signing (SMB 2.02+). HMAC SHA-256 replaces MD5 as the hashing algorithm in SMB 2.02, SMB 2.1 and AES-CMAC replaces that in SMB 3.0+. Signing performance increases in SMB2 and 3.

Bottom line is SMB 1.0 should be Disabled, just like simrick has posted.

 

Thanks. I'm going to disable this since I only use Windows 10 for home use. Is there any other legacy stuff enabled by default we can safely disable for improved security?

 

As long as you keep your Windows 10 Home updated with the latest updates, you should be just fine. Windows released some security fixes for this just a few days ago.

 

As others have mentioned, you can still get infected, just not by someone else on your network.

There is no way to prevent infections where you deliberately run a program. That program will have access to any files you have access to (one of the reasons for UAC is to prevent a virus from infecting system files, or files for other users who also use that PC).

 

what are disadvantages of turning this feature off as i don't no if i even use it windows 10 Pro here??

 

I have just checked my PC and found that SMB 1/CFIS is ticked by default. Why is this the case? Sould it not be a feature that is normally disabled instead?