[KB6481] ESET Stops WannaCryptor, WannaCry and EternalBlue. Use our free tool to make sure those Windows vulnerabilities are patched



ESET detects and blocks this threat and its variants (such as WannaCryptor.D). ESET identifies this threat as Filecoder.WannaCryptor.

On systems not protected by ESET, a Windows exploit called EternalBlue can be used to introduce WannaCryptor. We strongly recommend that you follow the suggestions below to ensure the highest level of security on your computer:

  • Make sure that ESET Live Grid is enabled in your ESET product.
  • Make sure that your ESET software is upgraded to the latest version and running the most up-to-date detection engine.
  • Follow the steps in the section below to make sure your system is patched against the EternalBlue exploit.

Make sure your system is patched against the EternalBlue exploit

ESET has released a free tool to help determine whether your Windows machine is patched against EternalBlue.

Windows 10 users: If you are using Windows 10 with a srv.sys version of 10.0.14393.187 or later, your system is already patched and you are protected against EternalBlue. Note that the checker tool will still report that your computer is vulnerable when this or a later version is in use. You can verify the version you have in the command window, as shown below.

Figure 1-1
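
The same version check can be made from PowerShell. This is an added example, not ESET's tool and not the command shown in Figure 1-1: it reads the version resource of srv.sys (the driver the paragraph above refers to) and compares it with the 10.0.14393.187 threshold stated there. The driver path under System32\drivers and the function name Test-SrvSysVersion are assumptions.

```powershell
# Added example: compare the installed srv.sys version with the Windows 10
# threshold given in this article. Not part of the ESET checker.
function Test-SrvSysVersion {
    param(
        # Assumed default driver location
        [string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\srv.sys'),
        # Threshold taken from the article text
        [version]$Minimum = '10.0.14393.187'
    )

    $result = [pscustomobject]@{
        Path           = $Path
        Installed      = $null
        Minimum        = $Minimum
        MeetsThreshold = $null      # stays $null when the comparison does not apply
        Note           = ''
    }

    if (-not (Test-Path -LiteralPath $Path)) {
        $result.Note = 'srv.sys not found at this path; nothing to compare.'
        return $result
    }

    # Use the numeric parts of the version resource. The FileVersion string can
    # carry a trailing build label that does not parse as a [version].
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $installed = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $result.Installed = $installed

    # The article states the threshold for Windows 10 only. A driver from an
    # older Windows release (for example a 6.x file version) always sorts
    # below 10.0 and would be misreported, so skip the comparison there.
    if ($installed.Major -ne $Minimum.Major -or $installed.Minor -ne $Minimum.Minor) {
        $result.Note = 'File version is not in the 10.0 line; use the checker tool instead.'
        return $result
    }

    $result.MeetsThreshold = ($installed -ge $Minimum)
    $result.Note = if ($result.MeetsThreshold) { 'At or above the article threshold.' }
                   else { 'Below the article threshold; install the security update.' }
    return $result
}

Test-SrvSysVersion | Format-List
```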

Follow the steps below to check your system for vulnerabilities using the ESET EternalBlue Checker:

  1. Download the installer file for the tool below:


Double-click the installer file to run the tool.

  1. If the tool finds a vulnerability in your system due to missing Microsoft patches, "Your computer is vulnerable" will be displayed.

Figure 1-2

  1. Press any key to open the Microsoft Windows update page. Click Microsoft Update Catalog in the Method 2: Microsoft update Catalog section.

Figure 1-3

  1. On the Microsoft Update Catalog page, find your operating system in the Products column and click the Download button next to your system.

Figure 1-4

  1. Click the link in the Download window to download the security update for your system.

Figure 1-5

  1. After the security update has been installed, restart your computer.
  2. After the computer has restarted, run ESETEternalBlueChecker.exe again to verify that the security update installed correctly and your system is no longer at risk. If the security update was installed correctly, "Your computer is safe, Microsoft security update is already installed" will be displayed.

Figure 1-6

  • Warn colleagues who frequently receive emails from external sources – for instance financial departments or Human Resources.
  • Regularly back up your data. In the event of infection, this will help you recover all data. Do not leave external storage used for backups connected to your computer to eliminate the risk of infecting your backups. If your system requires Windows Updates to receive the patch for this exploit, create new backups after applying the patch.
  • Disable or restrict Remote Desktop Protocol (RDP) access (see Remote Desktop Protocol best practices against attacks).
  • Disable macros in Microsoft Office.
  • If you are using Windows XP, disable SMBv1.

For more detailed information about how you can use ESET to protect your systems from ransomware infections, see the following Knowledgebase article:

ESET protects against WannaCryptor ransomware: Learn more. (Business users, click here.)

ESET Support Services