WannaCrypt3r 2.0 (WannaCry) Virus

WannaCrypt3r 2.0 (WannaCry) Virus
Portakal
30 / 07 / 2019

WannaCrypt3r 2.0 (WannaCry) Virus
WannaCrypt3r 2.0, which is the latest version of the ransom viruses that make a name for us in Turkey with CyriptoLocker virus, is also called WannaCry; it is spreading along using an old vulnerability of the Windows operating system, which was patched in March. If you do not regularly update Windows, or if you are using an older version of the Windows operating system; both your computer and other computers on your network may be in a big danger.

What is Ransom Virus?
ransom viruses encrypt files stored on devices such as computers, smartphones or tablets, and are malicious software that requests ransom from users in exchange for decryption of these passwords. The most populars are CryptoLocker, CryptoWall and Fusob.
To illustrate the extent of the virus's damage, it has spread to 74 countries in 10 hours, affecting more than 200,000 computers, even at the weekend. Most companies had to stop their operations, while some companies tried to recover from the backup, while others tried to recover their encrypted files by making a payment of US $ 300.
With the start of the shift at the beginning of the week, the scale of this disaster is expected to be larger throughout the world. It is estimated that the hacker group that has spread the virus has received ransom over 100,000 USD so far.
Some of the foreign banks, servers and ATMs are also affected by this virus. The most striking influence in our country was the Renault factory. The factory halted production until Monday.

What Can Be Done ?
Let's do what is necessary to prevent the spread of the virus. To prevent the spread of the virus; It is sufficient to close the TCP 139, TCP 445, UDP 137, UDP 138 ports. Of course, closing these ports only prevents the spread of the virus from the network. After this process, the infected machines need to be cleaned or reinstalled.
Windows XP, Vista, Windows 7, Windows 8, which has not supported by Microsoft, for a long time, has also a released special patch for this virus. Patches can be downloaded from https://technet.microsoft.com/en-us/library/security/ms17-010.aspx so you can take action on your virus-free computers.
In addition, it is important that you use an antivirus program that is regularly updated and invest in a system that buys regular backups so like that you are not affected by such pests.

If you still have virus-infected computers, you may only recover some of your files from the C drive. With the program called Shadow Copy, some files can be recovered using shadow files created by the operating system. You can download the program from http://www.shadowexplorer.com/downloads.html.

Protective Preventions
To avoid such damage, taking precautions is always a less costly and more accurate method. Portakal Software provides professional services for your company's IT service needs. You can call us for detailed information and support.