Ransomware - Wannacry/wcry and everything else ...
Ransomware in general is something none of us wish to deal with. The latest Wannacry problem is worse, not because of what it is but because of the extent to which it has affected our users. There have been a plethora of great suggestions all over this site. I would add to those with the following suggestions:
• Completely check your system for viruses with a reputable virus checker
• Check any suspected files and/or links at virustotal.com
• Make sure you have a tested versioning backup system
• Do a complete scan of your system
o Make sure all your programs and your operating system are up to date (even old Windows OSes now have updates, like Windows XP – check the Microsoft website and do a Windows Update)
o If you are unable to do updates on your own machine due to company policy, make sure that your IT department is doing the updates.
• Do not click on an attachment in your email, even if it is from someone you know – call them up and check that they sent it – they’ll understand.
Whenever I touch a system I do a “ransomware check” which involves the following:
• Create a blank text file called myapp.txt in the root drive (c:\) and rename it to myapp.exe
• Run FoolishIT’s Cryptoprevent
• Install an anti-ransomware tool such as BD Antiransomware, MBAM Antiransomware, Kaspersky Antiransomware for business, etc.
• Run SpyBHORemover and SpyDLLRemover from securityxploded.com
• Run a full scan
• Disable Autorun and Autoplay
The rest of what I do involves antivirus procedures. It is important to do all of this at the very least to protect your systems. I highly recommend using tools/software such as Cylance, SentinelOne, MBAM, Kaspersky, etc.
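
Two items from the lists above, "Disable Autorun and Autoplay" and keeping the operating system up to date, can be verified with a read-only check. The PowerShell below is an added example and not part of the original post; the helper function names and the 30-day patch threshold are assumptions.

```powershell
# Added example: read-only audit of Autorun/Autoplay settings and patch recency.
# The 30-day threshold is an assumption; adjust it to your own patch cycle.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-AutorunDisabled {
    # NoDriveTypeAutoRun = 0xFF turns Autorun off for every drive type.
    # The machine-wide value (HKLM) is checked first, then the per-user one (HKCU).
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $v = Get-RegValue -Path "$hive\$sub" -Name 'NoDriveTypeAutoRun'
        if ($null -ne $v) { return (($v -band 0xFF) -eq 0xFF) }
    }
    return $false   # not configured, so the Windows default applies
}

function Test-AutoplayDisabled {
    # Per-user value that is set to 1 when AutoPlay is switched off.
    $p = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
    return ((Get-RegValue -Path $p -Name 'DisableAutoplay') -eq 1)
}

function Get-DaysSinceLastHotfix {
    # Get-HotFix reads installed updates; InstalledOn can be empty on some entries.
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($null -eq $last) { return $null }
    return [int](((Get-Date) - $last.InstalledOn).TotalDays)
}

$maxPatchAgeDays = 30
$days = Get-DaysSinceLastHotfix
[pscustomobject]@{
    AutorunDisabled  = Test-AutorunDisabled
    AutoplayDisabled = Test-AutoplayDisabled
    DaysSinceHotfix  = $days
    PatchesRecent    = ($null -ne $days -and $days -le $maxPatchAgeDays)
} | Format-List
```

The script changes nothing on the machine. A `False` in any field points at the checklist item to revisit.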