WannaCrypt, the latest ransomware, information and how to protect yourself
-

Over the last two days, a piece of ransomware has come to light that has put in check many companies and institutions whose operating systems were not prepared, even though it was known that this could happen.
This particular "bug" is called WannaCrypt. What it does is similar to others such as Cryptolocker, but it differs in its ability to spread through local networks: it takes advantage of a security hole in Windows systems that are not updated or are older than Windows Vista, which lets it spread across the network via the SMB protocol even if your user does not have access due to permissions. Microsoft fixed this hole by releasing the corresponding updates in March:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
How to avoid it?
- Do not click on links in emails whose origin we do not know, and keep in mind that they will always try to impersonate some service we use, as realistically as possible. The same applies to links on websites; always use common sense.
- If we use Windows Vista/2008 Server or later, we must keep the system fully updated. Using a pirated Windows is never a good idea.
- As an exceptional measure, Microsoft has published patches for Windows XP and 2003 Server, which we should install manually:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
- Use an antivirus with ransomware protection, or dedicated anti-ransomware utilities such as those from Malwarebytes or Bitdefender.
What if it has caught us?
- Disconnect the computer from the network immediately and turn it off.
- It is recommended not to pay the ransom, so as not to encourage these extortions and because nothing guarantees that you will recover the data.
- "Blessed are the cautious, for theirs shall be the backups." In other words, if you have a backup, format, restore it, and carry on as if nothing had happened.
More information
For more information on what to do in case of infection, follow this link from the National Institute of Cybersecurity:
https://www.incibe.es/protege-tu-empresa/herramientas/servicio-antiransomware
And for more information about what has happened, see Chema Alonso's blog:
http://www.elladodelmal.com/2017/05/actualizacion-informativa-sobre-los.html
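As an added example (not part of the original post): because WannaCrypt spreads across local networks over SMB, a defender can look for any machine that opens SMB connections (TCP 445) to many distinct peers within a short window. The flow-log format, addresses, window and threshold below are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port".
# Not real traffic; the format is an assumption made for this example.
SAMPLE_FLOWS = """\
2017-05-13T09:00:01 10.0.0.23 10.0.0.31 445
2017-05-13T09:00:03 10.0.0.23 10.0.0.32 445
2017-05-13T09:00:04 10.0.0.23 10.0.0.33 445
2017-05-13T09:00:07 10.0.0.23 10.0.0.34 445
2017-05-13T09:00:09 10.0.0.23 10.0.0.35 445
2017-05-13T09:00:05 10.0.0.8 10.0.0.5 445
2017-05-13T09:00:20 10.0.0.8 10.0.0.5 445
2017-05-13T08:00:00 10.0.0.9 10.0.0.31 445
2017-05-13T10:00:00 10.0.0.9 10.0.0.32 445
2017-05-13T12:00:00 10.0.0.9 10.0.0.33 445
2017-05-13T14:00:00 10.0.0.9 10.0.0.34 445
this line is malformed and is skipped
"""

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2], int(parts[3])

def smb_fanout_alerts(flows, window_s=60, threshold=4):
    """Map each source to its peak count of distinct SMB peers in any window,
    keeping only sources whose peak reaches the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 445:  # SMB over TCP
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most window_s.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            alerts[src] = best
    return alerts
```

On the sample data only 10.0.0.23 is flagged: the client that keeps talking to one file server and the host that reaches four peers over several hours stay below the threshold.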
-
They say it has mutated and now ignores the domain that used to disable it, so watch out for the patch.
-
Yes, so we must continue to take the necessary safety measures because we may have a new wave at the beginning of the week.