How to protect my Windows machine from Wanna Cry (Wanna Crypt) ransomware attack and how to remove Wanna Cry?

Question

When i wrote this question in SuperUser there was not any information and solution about Wanna Cry attack in SuperUser. So this is not a duplicate question and has special information and useful solutions for you about Wanna Cryattack.

• How to protect my Windows (Client|Server) from the popular Wanna Cry (Wanna Crypt)?
• What to do if my system is affected to WannaCry?
• How to remove it?
• How Wanna Cry work?

Answer 1

Protect your Windows (Server|Client) from Wanna Cry

What is Wanna Cry attack?

The WannaCry ransomware attack is an ongoing cyberattack of the WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware computer worm targeting the Microsoft Windows operating system.

The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency bitcoin in 28 languages. The attack has been described by Europol as unprecedented in scale.

.

---

.

☼ How to protect my Windows?

Don't worry, just follow bellow instructions:

• A) Run your Windows Update from control panel and get last updates and install them.

Microsoft says: A wide-spread ransomware attack, WannaCrypt, targets out-of-date Windows devices. Given the severity of this threat, immediately update your Windows devices.

• B) Disable SMBv1 feature of your windows. For any reason if you can not get latest updates of window, then disable SMBv1 feature.

EternalBlue exploits vulnerability MS17-010 in Microsoft's implementation of the Server Message Block (SMB) protocol.

• C) Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445

• D) Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update. Windows Defender Antivirus uses cloud-based protection, helping to protect you from the latest threats. .

---

How to block incoming SMB traffic on port 445 Lunch the windows Cmd (Run As Administrator) and write the following command:

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"

.

---

☼ How to gracefully remove SMB v1 in Windows 8.1, Windows 10, Windows 2012 R2, and Windows Server 2016

• Windows Server: Server Manager method

• Windows Server: PowerShell method (Remove-WindowsFeature FS-SMB1)

• Windows Client: Add or Remove Programs method (Turn On/Off Windows Features)

• Windows Client: PowerShell method (Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol)

.

---

☼ What to do if my system is affected?

Update:

Don't reboot your system and test this WanaCry Removers:

• Wannakey
• Wanakiwi

There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that paying the ransom will give you access to your files.

If you've already paid, see our ransomware page for help on what to do now.

Run antivirus or antimalware software

Use the following free Microsoft software to detect and remove this threat:

• Windows Defender for Windows 8.1 and Windows 10, or Microsoft Security Essentials for Windows 7 and Windows Vista
• Microsoft Safety Scanner You should also run a full scan. A full scan might find hidden malware.

Use cloud protection

Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10.

To check if it's running, go to All settings > Update & security > Windows Defender and make sure that your Cloud-based Protection settings is turned On.

---

☼ How it work?

Read here...