The latest WannaCry and Petya attacks have both used an outdated and very rarely used Windows protocol, SMBv1, and by default it is enabled in Windows 10, 8 and 7!
SMB stands for Server Message Block protocol; version 1 has now been superseded by SMBv2 and SMBv3, which are fine to be left enabled.
So how do you disable this redundant protocol you ask?
If you are on Windows 10 and have installed the Creators Update, then Microsoft have disabled this protocol by default.
If not, and you are running Windows 10 or Windows 8, then follow these steps:
1. Go to the Control Panel and select Programs. Under Programs and Features, select Turn Windows Features On or Off.
2. Scroll through the list and untick SMBv1.
3. Restart the PC
You're done - and a lot safer!
Windows 7 is much harder and requires a registry edit, but the process is detailed below:
Before you start, be warned - editing the registry can cause your system to become unstable or potentially inoperable - I strongly suggest that you back up the registry and your computer before attempting this.
1. Click Start, type regedit and click on regedit.exe.
2. Navigate, using the left-hand navigation pane, to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
3. Right-click the Parameters key and choose New > DWORD (32-bit) Value.
4. Name the new value SMB1. The DWORD will be created with a value of “0”, and that’s correct. “0” means SMBv1 is disabled. You will not need to edit the value after creating it.
5. That's it! All you need to do now is close the registry editor and restart the machine for the changes to take effect.
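The registry steps above can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original guide; the -Apply switch and the backup file name are this example's own choices.

```powershell
# Added example: audit, and with -Apply set, the SMB1 value from the steps above.
# Run from an elevated (Administrator) PowerShell prompt.
param([switch]$Apply)   # -Apply is this example's own switch; without it nothing is changed

$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$regKey = 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    # SMB1 = 0 means disabled. A missing value means the default applies,
    # which on these systems is enabled.
    $prop = Get-ItemProperty -Path $key -Name 'SMB1' -ErrorAction SilentlyContinue
    if ($null -eq $prop)   { return 'Enabled (SMB1 value not present, default applies)' }
    if ($prop.SMB1 -eq 0)  { return 'Disabled (SMB1 = 0)' }
    return "Enabled (SMB1 = $($prop.SMB1))"
}

Write-Output "Before: $(Get-Smb1State)"

if (-not $Apply) {
    Write-Output 'No changes made. Re-run with -Apply to set SMB1 = 0.'
    return
}

# Export the key first, in line with the backup warning above.
# The backup file name is an assumption of this example.
$backup = Join-Path $env:TEMP 'LanmanServer-Parameters-backup.reg'
& reg.exe export $regKey $backup /y | Out-Null
Write-Output "Backup of the Parameters key written to $backup"

# Create the DWORD if it is missing, otherwise overwrite the existing value.
$existing = Get-ItemProperty -Path $key -Name 'SMB1' -ErrorAction SilentlyContinue
if ($null -eq $existing) {
    New-ItemProperty -Path $key -Name 'SMB1' -PropertyType DWord -Value 0 | Out-Null
} else {
    Set-ItemProperty -Path $key -Name 'SMB1' -Value 0
}

Write-Output "After:  $(Get-Smb1State)"
Write-Output 'Restart the machine for the change to take effect.'
```

Running it without -Apply only reports the current state, which is a quick way to confirm the setting after the restart.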
We have all heard in the news about the latest spree of cyber attacks on the NHS and major businesses around the world over the last few weeks.
The attackers' aim was to encrypt the data of their targets and ransom the cypher keys, although it has become pretty clear that the majority did not pay anything.
The disruption caused though was catastrophic, just look at the number of operations that were cancelled by the NHS!
There are several preventative measures that you can put in place to help prevent this kind of attack, and also disaster recovery measures that can get you back to normal as soon as possible.
1. Ensure you have a good anti-virus protection suite installed on your computer, and ensure it is updated regularly.
I personally recommend Avira Security Suite which can be downloaded free from this link avira.com
2. Ensure Windows Update is set to automatic - although we all know Windows updates can be a pain in the proverbials, most updates are security related and it is important that these updates are installed.
3. Be extra careful about what you click on, especially when it is attached to an email - most ransomware attacks so far have been attached as a zip file to emails - so beware of anything zip!!
OK - so you get the dreaded screen saying you have been hacked, your data has been encrypted or your web browser behaves very strangely, so what can you do to get going again?
The first rule of using anything digital is to ensure you take a regular backup of all your important data - photographs of the kids growing up, latest VAT returns and all that kind of stuff should always be stored in two places.
This can be in the form of USB memory sticks, external hard drives or cloud storage such as Google Drive. There are many options, but they should be separate from your PC, as the attack could affect anything attached to the PC as well.
There are various types of backup - you can do a full backup of your PC including a system image, which allows you to fully restore your PC using recovery media, or a backup of just your data. In the second case you will need to re-install your operating system before restoring your data.
I hope this quick guide has been of use, but if you would like to know anything else please give me a call on 07838 954704 or use the contact form on my website www.shropshireitman.co.uk/contact-me