What to do when you WannaCry – 9 Steps to Fight Ransomware Now
The WannaCry ransomware has swept the globe – affecting more than 200,000 computers in at least 150 countries. Nothing is certain, but it looks like it is the work of a rogue state trying to cause global instability and gather cash to prop up a doomed regime.
Whatever the source, you need to prepare!
The cyber-security professionals of Centerpoint IT have carefully put together these 9 Steps to help your company weather this cyber-tsunami.
Step #1 – Ensure that you have a good backup, a respected antivirus, and up to date security patches in place.
If you don’t – you’re in trouble from the very beginning. If you need some help getting these foundational pieces in place, give the Centerpoint IT team a call NOW at (404) 781-0200. We can’t stress the importance of these essential security pieces enough.
Okay. Assuming that you have backup, antivirus, and security patches in place, let’s move on to Step #2.
Step #2 – Remove SMB1/CIFS
In all systems except for XP and 2003, you likely don’t need SMB1. Why? SMB2 and SMB3 are enough to get the task accomplished.
To remove SMB1, you can use PowerShell commands as shown here:
Alternatively, you can go to your control panel, find “Turn Windows Features On or Off,” and uncheck SMB1/CIFS.
If you are dealing with a server this is done through this path: Server Manager > Add Roles and Features > Roles
Step #3 Patch your computers
Steps 1 and 2 deal with the critical risk, now you can patch your computers. This can take some time. That’s why we have suggested to deal with SMB1/CIFS and adding firewalls rules before tackling patch updates. See the following links for instructions:
Send out a company-wide memo. Make sure it comes from someone who won’t/can’t be ignored. It should say something like…
This WannaCry ransomware is dangerous to your job and our company… (talk about ransomware’s impact).
It is imperative that you follow these guidelines on ALL work computers and ANY personal devices used for work.
If you get emails with suspicious attachments; even if it is from people you know do not click on the attachment. No harm in opening the email for reading. Forward any suspicious emails to IT department.
Be very cautious of what you click on while browsing. Do not click on random pop-ups!
If you accidentally click on a suspicious email or web link, immediately unplug the computer from the network and turn off the WIFI – even before calling IT support.
Follow these 9 Steps immediately and contact the Centerpoint IT cyber-security team to help your business weather this variant and the coming, next wave of WannaCry.
We’re here to help you through this – but you have to take the first step! Call (404) 781-0200 now.