[KB6481] ESET Stops WannaCryptor, WannaCry and EternalBlue. Use our free tool to make sure those Windows vulnerabilities are patched

Details

Solution

ESET detects and blocks this threat and its variants (such as WannaCryptor.D). ESET identifies this threat as Filecoder.WannaCryptor.

On systems not protected by ESET, a Windows exploit called EternalBlue can be used to introduce WannaCryptor. We strongly recommend that you follow the suggestions below to ensure the highest level of security on your computer:

  • Make sure that ESET Live Grid is enabled in your ESET product.
     
  • Make sure that your ESET software is upgraded to the latest version and is running the most up-to-date detection engine.
     
  • Follow the steps in the section below to make sure your system is patched against the EternalBlue exploit.

Make sure your system is patched against the EternalBlue exploit 

ESET has released a free tool to help determine whether your Windows machine is patched against EternalBlue.

Windows 10 users: If you are using Windows 10 with a srv.sys version of 10.0.14393.187 or later, your system is already patched and you are protected against EternalBlue. Note that the checker tool will still display that your computer is vulnerable when this or a later version is in use. You can verify the version you have in the command window, as shown below.

Figure 1-1
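
The same version check can be scripted in PowerShell. This is an added example, not part of the ESET tool or the original article; the function name Test-SrvSysPatched and the driver path (%SystemRoot%\System32\drivers\srv.sys, the SMBv1 server driver) are assumptions, and 10.0.14393.187 is the Windows 10 threshold quoted above.

```powershell
# Added example: compare the local srv.sys file version with the Windows 10
# threshold quoted in this article (10.0.14393.187).
# Assumption: the driver is at %SystemRoot%\System32\drivers\srv.sys.

function Test-SrvSysPatched {
    param(
        [string]$DriverPath = (Join-Path $env:SystemRoot 'System32\drivers\srv.sys'),
        [version]$MinimumVersion = '10.0.14393.187'
    )

    if (-not (Test-Path -LiteralPath $DriverPath)) {
        # No driver file to inspect, so the version rule cannot be applied.
        return [pscustomobject]@{
            DriverPath  = $DriverPath
            FileVersion = $null
            Minimum     = $MinimumVersion
            Result      = 'srv.sys not found at this path'
        }
    }

    # Build the version from the numeric fields. The FileVersion string can
    # carry a trailing build label that [version] cannot parse.
    $info  = (Get-Item -LiteralPath $DriverPath).VersionInfo
    $found = New-Object System.Version -ArgumentList `
        $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart

    if ($found -ge $MinimumVersion) {
        $result = 'At or above the threshold from the article'
    } else {
        $result = 'Below the threshold: install the Microsoft security update'
    }

    [pscustomobject]@{
        DriverPath  = $DriverPath
        FileVersion = $found
        Minimum     = $MinimumVersion
        Result      = $result
    }
}

# The article states this threshold for Windows 10 only.
if ([Environment]::OSVersion.Version.Major -ne 10) {
    Write-Warning 'The 10.0.14393.187 threshold applies to Windows 10; use the checker tool on other versions.'
}
Test-SrvSysPatched | Format-List
```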


Follow the steps below to check your system for vulnerabilities using the ESET EternalBlue Checker:

  1. Download the installer file for the tool below:

https://help.eset.com/eset_tools/ESETEternalBlueChecker.exe

  2. Double-click the installer file to run the tool.

  3. If the tool finds a vulnerability in your system due to missing Microsoft patches, "Your computer is vulnerable" will be displayed.

Figure 1-2

  4. Press any key to open the Microsoft Windows update page. Click Microsoft Update Catalog in the Method 2: Microsoft update Catalog section.

Figure 1-3

  5. On the Microsoft Update Catalog page, find your operating system in the Products column and click the Download button next to your system.

Figure 1-4

  6. Click the link in the Download window to download the security update for your system.

Figure 1-5

  7. After the security update has been installed, restart your computer.
     
  8. After the computer has restarted, run ESETEternalBlueChecker.exe again to verify that the security update installed correctly and your system is no longer at risk. If the security update was installed correctly, "Your computer is safe, Microsoft security update is already installed" will be displayed.

Figure 1-6

  • Warn colleagues who frequently receive emails from external sources – for instance financial departments or Human Resources.
     
  • Regularly back up your data. In the event of infection, this will help you recover all data. To eliminate the risk of infecting your backups, do not leave external storage used for backups connected to your computer. If your system requires Windows Updates to receive the patch for this exploit, create new backups after applying the patch.
     
  • Disable or restrict Remote Desktop Protocol (RDP) access (see Remote Desktop Protocol best practices against attacks).
     
  • Disable macros in Microsoft Office.
     
  • If you are using Windows XP, disable SMBv1.

For more detailed information about how you can use ESET to protect your systems from ransomware infections, see the following Knowledgebase article:

ESET protects against WannaCryptor ransomware: Learn more. (Business users, click here.)

ESET Support Services