How to Prevent #WannaCry Ransomware by Blocking These Ports!

0
Want create site? Find Free WordPress Themes and plugins.

If you’re already been infected by WannaCry infection maybe you should block these ports to avoid any damage to your computer.  Let’s start by blocking some ports.

Ports to block. info about these ports here: read

  • 445 “This port replaces the notorious Windows NetBIOS trio (ports 137-139), for all versions of Windows after NT, as the preferred port for carrying Windows file sharing and numerous other services.”
  • 137
  • 138
  • 139

Step 1: How to block these ports to prevent WannaCry?

You can do it by making some changes to your registry.

 

  • Click “Start”, “Run”, type “regedit” to open the registry.

  • Locate the registry key “HKEY_LOCAL_MACHINE\System\Controlset\Services\NetBT\Parameters”

  • Select “Parameters” New Right “DWORD Value.”
  • Rename the DWORD value as “SMBDeviceEnabled”
  • Right-click “SMBDeviceEnabled” select “Edit” in the “numerical data”, “0”

After completing step 1 you have to restart your computer and when your boot up completly now you have to make sure if that port us closed or not you can simply do it through CMD.

 

As you can see in the above screenshot mine is listening.. because i haven’t closed it for this article. And im not infected with WannaCry.. If you are infected with that you must have an established connection with there servers.

Step 2: Configure Firewall to Prevent WannaCry?

What dose Firewall do  to prevent this infected ports?

Basically it will prevent you to established connection with that infected servers which WannaCry is using And prevent you to connect to 445 port. So you need to add some inbound rules to block access for these ports.

Firewall Advanced Settings – Inbound rules – Right-click New Rule – Select UDP, the port number in the dialog box to write 445.

Step 3: Shut down the server service

Once your done with the firewall you have to stop those services which is using that port. In order to do that, Open up CMD with Administrator Permission.

Type:

After that you need to restart your computer again.

Disable SMBv1


WannaCryToolkit scanner and removal toolkit

Trustlook has released a scanner and removal toolkit to help system administrators protect Windows computers that are either vulnerable to or have been infected with the dangerous strain of ransomware known as WannaCry.

Installation:

Usage:

1. Run

tl_wannacry_console.exe and tl_wannacry_no_console.exe prevent WannaCry Ransomeware to encrypt user’s files.

The two tools works pretty much the same, except tl_wannacry_console.exe comes with a console to show some progress information. tl_wannacry_no_console.exe runs in background.

Users may want to add tl__wannacry_no_console.exe to Windows startup script, so everytime user start his computer, Trustlook WannaCry Vaccine Tool will start prevent your system from being affected.

2. Add to Windows startup script

add tl_wannacry_no_console.exe value to following register script

Add to windows startup script:

 

Did you find apk for android? You can find new Free Android Games and apps.