Issue
- Your ESET product detects the threat Filecoder.WannaCryptor or a variant of this threat
- Ensure your system is patched against the EternalBlue exploit
Solution
ESET detects and blocks this threat and its variants (such as WannaCryptor.D). ESET identifies this threat as Filecoder.WannaCryptor.
On systems not protected by ESET, a Windows exploit called EternalBlue can be used to introduce WannaCryptor. We strongly recommend that you follow the suggestions below to ensure the highest level of security on your computer:
- Ensure that ESET Live Grid is enabled in your ESET product
- Ensure that your ESET software is upgraded to the latest version and is running the most up-to-date detection engine
- Warn colleagues who frequently receive emails from external sources—for example, financial departments or Human Resources
- Regularly back up your data. In the event of infection, this will help you recover all data. To eliminate the risk of infecting your backups, do not leave external storage used for backups connected to your computer. If your system requires Windows Updates to receive the patch for this exploit, create new backups after applying the patch
- Disable or restrict Remote Desktop Protocol (RDP) access; see Remote Desktop Protocol best practices against attacks
- Disable macros in Microsoft Office
For more detailed information about how you can use ESET to protect your systems from ransomware infections, see Best practices to protect against Filecoder (ransomware) malware.
Ensure your system is patched against the EternalBlue exploit
ESET has released a free tool to help determine whether your Windows machine is patched against EternalBlue.
Follow the steps below to check your system for vulnerabilities using the ESET EternalBlue Checker:
- Double-click the downloaded file to run the tool.
- If the tool finds a vulnerability in your system due to missing Microsoft patches, "Your computer is vulnerable" will be displayed.
  Figure 1-1
- Press any key to open the Microsoft Windows update page. Click Microsoft Update Catalog.
- On the Microsoft Update Catalog page, find your operating system in the Products column and click the Download button next to your system.
- Click the link in the Download window to download the security update for your system.
- After the security update has been installed, restart your computer.
- After the computer has restarted, run ESET EternalBlue Checker again to verify that the security update was installed correctly and your system is no longer at risk. If the security update was installed correctly, "Your computer is safe, Microsoft security update is already installed" will be displayed.
  Figure 1-2