X

How to protect yourself from WannaCry ransomware

The ransomware attack is holding computer systems hostage worldwide. Here's what you need to know to keep yourself as safe as possible.

Joshua Goldman Managing Editor / Advice
Managing Editor Josh Goldman is a laptop expert and has been writing about and reviewing them since built-in Wi-Fi was an optional feature. He also covers almost anything connected to a PC, including keyboards, mice, USB-C docks and PC gaming accessories. In addition, he writes about cameras, including action cams and drones. And while he doesn't consider himself a gamer, he spends entirely too much time playing them.
Expertise Laptops, desktops and computer and PC gaming accessories including keyboards, mice and controllers, cameras, action cameras and drones Credentials
  • More than two decades experience writing about PCs and accessories, and 15 years writing about cameras of all kinds.
See full bio
Rick Broida Senior Editor
Rick Broida is the author of numerous books and thousands of reviews, features and blog posts. He writes CNET's popular Cheapskate blog and co-hosts Protocol 1: A Travelers Podcast (about the TV show Travelers). He lives in Michigan, where he previously owned two escape rooms (chronicled in the ebook "I Was a Middle-Aged Zombie").
See full bio
Joshua Goldman
Rick Broida
4 min read
Watch this: Why the WannaCry cyberattack is so bad, and so avoidable

The battle against the WannaCry ransomware continues. (In many spaces it's referred to as WannaCrypt. There appears to be no substantive difference between the two.)

The attack, which started on Friday, locked people out of their computers and encrypts their files, demanding they pay up to $300 in bitcoin -- a price that doubles after three days -- to receive a decryption key or risk losing their important files forever. What's worse is the malware also behaves like a worm, potentially infecting computers and servers on the same network.

More on the WannaCry ransomware attack

The ransomware was slowed by a security analyst last week after discovering a kill switch in its code, but has since been updated without the kill switch, allowing it to grow further. WannaCry has now reached more than 150 countries and 200,000 computers, shutting down hospitals, universities, warehouses and banks.

Though it might seem to be an issue for only businesses, institutions and governments, individuals are at risk, too, as WannaCry targets a Windows operating system flaw in older versions of the OS that have not been patched.

Important hat tip: The information herein comes largely from How to defend yourself against the WannaCrypt global ransomware attack by ZDNet's Charlie Osbourne.

These OSes are affected

The attack exploits a vulnerability in older Windows operating systems, namely:

  • Windows 8
  • Windows XP
  • Windows Server 2003

If you're using a more recent version of Windows -- and you've stayed up up-to-date on your system updates -- you should not be vulnerable to the current iteration of the WannaCry ransomware:

  • Windows 10
  • Windows 8.1
  • Windows 7
  • Windows Vista
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

But the reverse applies, too: If you haven't been keeping those newer versions of Windows updated, you'll be just as vulnerable until and unless you do.

If you're using MacOS, ChromeOS or Linux -- or mobile operating systems like iOS and Android -- you don't have to worry about this particular threat.

Update Windows immediately

If you're using one of the newer versions of Windows listed above (10/8.1/7, etc.) and you've kept your PC up-to-date with automatic updates, you should've received the fix back in March.

In the wake of WannaCry, Microsoft issued rare patches on the older versions of Windows it no longer formally supports to protect against this malware. Here's where you can download these security updates:

The full download page for all Windows versions is available here.

Turn Windows Update on if it's disabled

It's not uncommon for people to disable Microsoft's automatic updates, especially because earlier iterations had a tendency to auto-install even if you were in the middle of work. Microsoft has largely fixed that issue with the current version of Windows 10 (the recent Creators Update). If you have disabled automatic updates,, head back into Control Panel in Windows, turn them back on and leave them on.

Install a dedicated ransomware blocker

cybereason-ransomfree.jpg
Enlarge Image
cybereason-ransomfree.jpg

Cybereason Ransomfree is a free utility designed to block threats like WannaCry.

 Screenshot by Rick Broida/CNET

Don't assume that your current antivirus utility -- if you're using one at all -- offers protection against ransomware, especially if it's an outdated version. Many of the big suites didn't add ransomware blocking until recently.

Not sure if you're protected? Dive into your utility's settings and see if there's any mention of ransomware. Or, do some web searching for the specific version of your product and see if it's listed among the features.

If it's not, or you're pretty sure you don't have any kind of safeguard beyond your patched version of Windows, install a dedicated anti-ransomware utility. Two free options: Cybereason Ransomfree and Malwarebytes Anti-Ransomware (currently in beta).

Block port 445 for extra safety

MalwareTech, whose security analyst on Friday briefly slowed the worldwide attack of the WannaCry ransomware posted to Twitter that blocking TCP port 445 could help with the vulnerability if you haven't patched your OS yet.

Keep watching for mutations

Just because there's a patch doesn't mean you'll always be protected. New variations of the ransomware have popped up without the Achilles heel and bearing the name Uiwix, according to researchers at Heimdal Security.

Can I get ransomware on my phone or tablet?

Ransomware in its current form -- most notably WannaCry/WannaCrypt -- is a Windows-specific form of malware. It's designed to target the Windows operating system and the files contained therein, so it's not a threat to mobile OSes like Android and iOS. That said, you should always exercise the same cautions when it comes to suspicious links in emails and on websites: When in doubt, don't tap.

What if I'm already infected?

At the moment, it appears there's no way to reverse the encryption for free. That's why many individuals and organizations often end up paying the ransom if their computers are already locked down (especially if they don't have a recent remote or cloud backup). However, Bleeping Computer has a guide to removing the ransomeware. While CNET has not independently verified the efficacy of that process, it's important to note that the malware remains on afflicted PCs even after they've been unlocked.

In other words, even if you pay the ransom, you'll still have work to do.

Cloud storage may help

If you're using a cloud-backup tool like Carbonite, you may be able to recover all your WannaCry-encrypted files by accessing earlier versions of them. And cloud-storage service Dropbox keeps snapshots of all changes made to files in the past 30 days. This is a very good time to investigate whether your online backup or storage provider does indeed keep rollback versions of your files, just so you know whether you have an option other than paying the ransom!

CNET News reporter Alfred Ng contributed to this story.

Computing Guides

Laptops
Desktops & Monitors
Computer Accessories
Photography
Tablets & E-Readers
3D Printers
Computing Coupons