Post by rafivaiislam23 on Mar 11, 2024 6:25:54 GMT
In mid-May, one of the largest attacks on a global scale was recorded. We are talking about approximately 74 countries that have gone haywire and thousands of compromised computers, including home users, businesses, public administrations and healthcare facilities, all infected by the infamous WannaCry ransomware (also called Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2). But what exactly does it do and how can we protect ourselves? Let's see.

WannaCry: what is it?

WannaCry is a ransomware that infects Windows systems (both desktop and server) through multiple attacks including phishing, but the most dangerous one is infection via a known vulnerability (which Microsoft closed a few months ago thanks to automatic updates). This vulnerability is in the Windows RDP protocol (i.e. the Remote Desktop) and SMB (Server Message Block) and has an almost unique peculiarity: it is completely invisible to the end user (it does not require user action).
Once the PC is infected, two things happen: it begins a scan of the network to which the infected PC is connected, in order to replicate on other PCs, and it carries out encryption of all the files on the disk and asks (through a mask) for a ransom in BitCoin within a certain time to have the unlock key and restore the files. Once the established time has passed, the amount increases dramatically.

This is one of the masks (variants) that will appear on the screen.

The ransom is in BitCoin, i.e. via untraceable virtual currency, and the window also explains how to purchase it by converting real money. Unfortunately, many users were forced to pay while others lost all their data. It is therefore clear that WannaCry is an internet "demon", which destroys anything unless a ransom is paid.

The problem is enormous: let's think about the United Kingdom case, with several hospitals (NHS) affected by ransomware and entire departments blocked for days at a time. Large companies, including FedEx, Renault, Deutsche Bahn, MegaFon, Sberbank, Telefónica and others, were also attacked, with sectors completely blocked.
How can we protect ourselves?

It goes without saying that the best way to protect yourself is to keep your Windows PC and server up to date by enabling automatic updates.

For those who have a Microsoft Server Windows 2016 and Microsoft Server Windows 2012 (all versions), we recommend two additional operations that further raise the security level of the server: changing the RDP port, and protecting the RDP port via firewall.

For the first operation, we can act directly from the system registry. Simultaneously press the Windows key + R, which will open the “Run” window. Type the regedit command and press Enter.

The Windows Registry Editor will open. Now we navigate the right tree looking for the registry key HKEY and edit it in Decimal mode. The default port is 3389; change it to another non-standard one not used by other services, for example 43389.

Let's restart the server (ATTENTION: before restarting, make sure the new port is open on the firewall). After the restart, the RDP service will have port 43389 (as in the example).
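
The two conditions the post attaches to the port change (the new port is not used by another service, and it is open on the firewall before the restart) can be checked from PowerShell. This is an added example, not part of the original post; the port 43389 is the post's example value, the helper `Test-PortMatch` is hypothetical, and the script assumes Windows Server 2012 or later with the built-in NetTCPIP and NetSecurity modules.

```powershell
# Added example: pre-restart check for moving RDP to a non-standard port.
# 43389 is the post's example value; pass the port you actually chose.
param([ValidateRange(1, 65535)][int]$NewPort = 43389)

# Hypothetical helper: does a firewall LocalPort spec ("43389", "43000-44000") cover $Port?
function Test-PortMatch {
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -eq "$Port") { return $true }
    }
    return $false
}

# 1. "Not used by other services": is anything already listening on the port?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $name = (Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    Write-Warning "Port $NewPort already in use by PID $($l.OwningProcess) ($name)"
}

# 2. "Open on the firewall": enabled inbound allow rules that name the port explicitly.
#    Rules with LocalPort 'Any' are skipped on purpose; they often depend on a
#    program or service filter that this script does not evaluate.
$rules = @(Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and (Test-PortMatch -Spec $_.LocalPort -Port $NewPort) } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

foreach ($r in $rules) {
    # A rule open to every source address leaves the moved RDP port broadly reachable.
    $remote = ($r | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Output "Allow rule '$($r.DisplayName)' remote scope: $($remote -join ', ')"
    if ($remote -contains 'Any') { Write-Warning "  '$($r.DisplayName)' accepts any source address" }
}

if ($listeners.Count -gt 0 -or $rules.Count -eq 0) {
    Write-Warning "Do not restart yet: port $NewPort is taken or has no inbound allow rule."
    exit 1
}
Write-Output "Port $NewPort is free and allowed inbound; safe to restart."
```

Run it in an elevated session before the restart; a non-zero exit code means restarting now would either collide with another service or cut off remote access.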