Wannacry, even with the damage it has created, could and should be a useful case to keep us from repeating the same mistakes.
Keep the system up to date. First of all, if you use supported, but older versions of a Windows operating system, keep the system up to date or simply upgrade to Windows 10.
If you are using unsupported versions of Windows, including Windows XP, Vista, Server 2003 or 2008, apply the emergency patch released by Microsoft.
Enable a next-generation firewall with IDS and, if one is already present, change its configuration to block access to the SMB ports from the network or the Internet.
The protocol works on TCP ports 137, 139 and 445 and on UDP ports 137 and 138.
Disable SMB: follow the procedures described by Microsoft to disable Server Message Block (SMB).
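The firewall and SMB steps above, as an added example that is not part of the original article: it disables the SMBv1 server and client (WannaCry's SMB exploit targeted SMBv1, which is also what Microsoft's "disable SMB" guidance addresses), blocks the listed ports inbound at the host firewall, and then verifies both. It assumes Windows 8.1 / Server 2012 R2 or later (the SmbShare and NetSecurity PowerShell modules); older systems need Microsoft's manual procedure instead.

```powershell
#Requires -RunAsAdministrator
# Added example: harden a Windows host against SMB exposure and verify the result.

$smbTcpPorts = 137, 139, 445   # ports listed in the article
$smbUdpPorts = 137, 138

# 1. Turn off SMBv1 on the server side (takes effect immediately)...
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
# ...and remove the SMBv1 component on client editions (Windows 8.1/10).
# On Server editions use: Remove-WindowsFeature FS-SMB1
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction SilentlyContinue | Out-Null

# 2. Block inbound SMB/NetBIOS. Block rules take precedence over allow rules in
#    Windows Firewall. If file sharing from trusted subnets is still required,
#    add -RemoteAddress with the untrusted ranges instead of blocking everything.
New-NetFirewallRule -DisplayName "Block inbound SMB/NetBIOS (TCP)" -Direction Inbound `
    -Protocol TCP -LocalPort $smbTcpPorts -Action Block -Profile Any | Out-Null
New-NetFirewallRule -DisplayName "Block inbound SMB/NetBIOS (UDP)" -Direction Inbound `
    -Protocol UDP -LocalPort $smbUdpPorts -Action Block -Profile Any | Out-Null

# 3. Verify: SMB1 must be disabled and both block rules present and enabled.
$cfg   = Get-SmbServerConfiguration
$rules = @(Get-NetFirewallRule -DisplayName "Block inbound SMB/NetBIOS*" |
           Where-Object { $_.Enabled -eq 'True' })
[pscustomobject]@{
    SMB1Enabled       = $cfg.EnableSMB1Protocol   # expected: False
    BlockRulesEnabled = $rules.Count              # expected: 2
}
```

Run it once per host (or deploy the same settings through Group Policy) and reboot if the feature removal asks for it; the final object is what to check in a fleet-wide report.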
Keep your antivirus software up to date: virus definitions have already been updated to protect you from this latest threat.
Back up regularly so that you always have a copy of all important files and documents, and keep it on an external storage device that is not permanently connected to the PC.
Beware of phishing: always be suspicious of unsolicited documents sent by e-mail, and don't click on the links inside these documents unless the source has been verified.
Never open email attachments of dubious origin. If in doubt, it is advisable to ask the sender whether that email is genuine!
Pay attention to emails even from known addresses (the sender may have been hacked, or the address forged with a technique known as "spoofing").
Enable the "Show file name extensions" option in the Windows settings: the most dangerous files have extensions such as .exe, .zip, .js, .jar, .scr, etc. If this option is disabled we will not be able to see the actual file extension.
Disable automatic playback ("autorun") of USB sticks, CDs/DVDs and other external media and, more generally, avoid inserting such devices into our computer if we are not sure of their origin.
Use sandboxing: these tools are generally included in UBA systems (as described in the previous point) and let you analyse suspicious incoming files in an isolated environment (the "sandbox").
Make sure that the plugins you use (Java, Adobe Flash Player, etc.) are always up to date. These plugins are well known to be a preferred entry point for most cyber attacks. Keeping them up to date reduces the vulnerabilities they carry (even if it does not eliminate them completely).
Always be careful before clicking on banners (or pop-up windows) on unsafe sites. As I have already explained, ransomware can reach us not only through phishing, but also by visiting sites that have been "infected", through the technique known as "drive-by download".
Restoring from backup is the best solution, the only one that should be considered if we have worked carefully and have set up a sound routine of periodic backups of our data. Obviously, to perform a restore it is necessary to have a backup copy that is available, recent and working.
If we have a usable backup, we must still clean up the infected machine (or machines) before restoring the data. Remediation can be done with multiple antivirus scans to make sure the malicious software has been removed, but to be 100% sure that no trace of any malware remains, it is advisable to completely format the attacked machine. Only then should data be restored from the backup.
Remove the disk with the compromised files from the machine and set it aside: it may happen that in the future someone finds a decryptor for those files, which could then be recovered. It could take months, but it can happen...
Or (for the same reason) make a backup of the encrypted files and then remediate the machine anyway.