IT Support Solutions

Home and Business

Server and Networking Solutions

Business Continuity / Disaster Recovery

Free Call Out & Evaluation of Problems

Feel free to Call For Advice
Same Day Repair

Malware and Virus Removal

Slow PC or Laptop?

Wifi Issues sorted - Business and Home

Smart TV, Smart Box, YouView

Tuesday, July 25, 2017
We have 36 guests online

Latest News

PDF Print

This article is to help clear up any questions with the Wannacrypt,WannCry, ransomeware virus:-

 

What is a ransomeware virus?

Ransomeware is a computer virus that is generally designed to encrypt your files on your machine and request you to pay an amount of money (generally in Bitcoin)

So you can get these files back.

Bitcoin - A bitcoin is an electronic currency which has very little trace-ability

How would I know if I am infected with this virus?

If the virus is successful in what its is doing, your machine will be showing a screen explaining your files have been encrypted and offering a way to pay to get the un-encrypted, you will also not be able to open any of your files.

I would like to check my machine , or I think I may have this virus?

download and run the following utility which will detect any ransomeware and stop it running

https://ransomfree.cybereason.com/

 

How did this happen?

One way is via an attachment in an email, once the virus is opened from the email (and any antivirus has not picked this up) the program will run on the machine it is opened and then transfer via port 445 SMBv1 port on your network to other machines that have SMBv1 running (these are generally older machines, such as windows XP)

The WannaCry virus can also get in via a badly configured router/firewall which connects you to the outside world, the virus can look over the WWW for any routers that allow port 445 through them and to the internal network. If there are any vulnerable machines on the internal network it can replicate internally over port 445 just the same way as if that user had opened a dodgy email

You can test for this open port from the internet to your internal network by going to this page:-

http://www.yougetsignal.com/tools/open-ports/

The web page will pick up your public IP address

Insert 445 in the port and click check

It should be closed

 

The main thing is to make sure you have updated your windows security patches, this means running windows updates on all operating systems until they are completely up to date, if you have an older operating system, Microsoft have made some manual updates available for these, which can be found here:-

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598