Computer & Information Networking Center

Spotlight-2017

Tel: +886-2-3366-5022, +886-2-3366-5023
Mail: cchelp@ntu.edu.tw

Huge Cyberattack - The "WannaCry" ransomware
  • Date: 2017-5-24

On May 12, 2017, a new ransomware variant, WannaCry (WannaCrypt0r 2.0), broke out. There is no need to open a single file or website: a mere Internet connection is enough for a computer to be attacked, infected, and have its data locked for ransom. The ransomware evolved into a new variation that combines an SMB protocol vulnerability in Windows, and it appears to have used a flaw in Windows XP/Vista/7/8/8.1 to spread rapidly across networks in 150 countries.

Cyber-attack

Once the attacker finds a computer with the SMB vulnerability that exposes port 445 on the Internet, they inject ransomware into the computer and continue scanning for other computers, repeating the attack and infection.

Self-detect steps

  1. Turn off the Internet connection (both wired and wireless networks).
  2. Check System Explorer. If you see taskche.exe or mssecsvc.exe, you are already infected: shut down the computer (cut off the power source).
  3. Reboot in safe mode (F8) and copy the remaining files that have not been locked, or simply reformat your computer.
  4. Windows 10 is generally not infected. However, if the browser shows a warning message, DO NOT click to download a restoration; it is another way to activate the virus.

Prevention steps

  1. Open Windows Update and install the updates that fix the system flaw.
  2. Back up data files (no need for system files).
  3. Be careful when opening website links and files.
  4. Install anti-virus software and keep virus definition updates turned on.
  5. Block TCP port 445 (see the steps below).

Steps for blocking TCP port 445:

Step 1: Start -> Control -> click Control Panel

Step 2: Click Windows Firewall

Step 3: Click Advanced Settings

Step 4: Click Inbound Rules in the left column, then New Rule in the right column

Step 5: Select Port -> Next

Step 6: Select TCP -> Specific local ports -> enter 445 -> Next

Step 7: Select Block the connection -> Next

Step 8: Next

Step 9: Name: block 445 port -> Finish
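
The following script is an added example, not part of the original advisory: it checks for the two process names from the self-detect list, then creates the same inbound block rule as Steps 4-9 if it does not already exist. The function names are hypothetical, and it assumes Windows Vista or later (netsh advfirewall), English netstat output, and an elevated PowerShell prompt.

```powershell
# Added example, not from the original advisory. Run from an elevated PowerShell prompt.
# Rule name and process names come from the page; function names are hypothetical.
# Assumes Windows Vista or later (netsh advfirewall) and English netstat output.
$RuleName     = 'block 445 port'            # name given in Step 9
$SuspectNames = @('taskche', 'mssecsvc')    # names from the self-detect list, without .exe

function Get-SuspectProcess {
    # ProcessName never includes the .exe extension.
    Get-Process | Where-Object { $SuspectNames -contains $_.ProcessName }
}

function Test-Port445Listening {
    # True when any local address is accepting TCP connections on port 445.
    [bool](netstat -ano -p TCP | Select-String -Pattern ':445\s+\S+\s+LISTENING')
}

function Test-BlockRule {
    # netsh exits non-zero when no rule with this name exists.
    netsh advfirewall firewall show rule name="$RuleName" | Out-Null
    $LASTEXITCODE -eq 0
}

function Add-BlockRule {
    # Same settings as Steps 4-9: inbound, TCP, local port 445, block.
    netsh advfirewall firewall add rule name="$RuleName" dir=in action=block protocol=TCP localport=445 | Out-Null
    $LASTEXITCODE -eq 0
}

$found = @(Get-SuspectProcess)
if ($found.Count -gt 0) {
    $names = ($found | ForEach-Object { $_.ProcessName }) -join ', '
    Write-Warning "Suspect process running: $names. Disconnect from the network and power off."
} else {
    Write-Output 'No suspect process from the self-detect list is running.'
    if (Test-Port445Listening) { Write-Output 'TCP port 445 is listening on this machine.' }
    if (Test-BlockRule) {
        Write-Output "Firewall rule '$RuleName' already exists."
    } elseif (Add-BlockRule) {
        Write-Output "Firewall rule '$RuleName' created."
    } else {
        Write-Warning 'Could not create the rule; run the prompt as Administrator.'
    }
}
```

The rule only takes effect while Windows Firewall is enabled for the active network profile, and it also stops other machines from reaching file shares hosted on this computer.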