WannaCry Ransomware cyber attack: Do’s and Don’ts to prevent hacking

The detection of the first WannaCry Ransomware virus in Berhampur city hospital today has put the state government, and the IT ministry in particular, on high alert. Besides issuing an advisory, the IT department has been convening review meetings with OCAC, NIC and IIIT to deal with the bug. The crime branch chief had also warned about the possible attack a day ago through a tweet.

The WannaCry Ransomware cyber attack has already affected over 2 lakh computers across the world, hampering the functioning of several companies and government offices.

However, here are the basic Do’s and Don’ts one can follow to avoid any such possible attack and keep their computers safe:

  • Install the May Windows Update bundles immediately. Shutting down your system for a few minutes will be worth it, if it enables you to avoid this. If you’re still using Windows XP, you’re out of luck, but the March and April update bundles are available for Windows Vista.
  • To prevent infection, users and organisations should apply the relevant patches to Windows systems as mentioned in the Microsoft Security Bulletin MS17-010. The malware has been targeting commonly used office file extensions such as PowerPoint, Word, Excel, and image file extensions such as .tiff, .raw. So keep away from such files.
  • This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protection.
  • Users should maintain updated antivirus software, regularly check the integrity of the information stored in databases, and not open attachments in mails from unknown sources.
  • Individuals or organisations are not encouraged to pay the ransom, as this does not guarantee files will be released. Inform the Cyber cell and CERT-In if you are a victim of WannaCry Ransomware.
  • Keep two copies of your data and documents on your hard disk (offline) and back up your data time and again.
  • Disable the Server Message Block (SMB) ports, which are enabled automatically in Microsoft Windows.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign.
  • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages.
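
One way to carry out the SMB item in the list above on a single Windows host, as an added example that is not part of the original article. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later; the firewall rule name and the choice of the Public profile are assumptions to adapt to your environment.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and reduce SMB exposure on the local machine.

# 1. Report whether the SMBv1 server protocol is currently enabled.
$smb = Get-SmbServerConfiguration
Write-Output "SMBv1 server enabled: $($smb.EnableSMB1Protocol)"

# 2. Disable the SMBv1 server protocol if it is still on.
if ($smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output "SMBv1 server protocol disabled."
}

# 3. On client editions, also remove the SMB1Protocol optional feature.
#    The lookup is silenced because the feature is absent on some editions.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
    -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
        Out-Null
    Write-Output "SMB1Protocol feature disabled (takes effect after restart)."
}

# 4. Block inbound SMB/NetBIOS session ports on untrusted (Public) networks.
#    Rule name is a made-up label; Public-only scope is an assumption so that
#    file sharing on managed networks keeps working.
$ruleName = 'Block inbound SMB on Public networks (example rule)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 139,445 -Action Block -Profile Public | Out-Null
    Write-Output "Firewall rule created: $ruleName"
}

# 5. Show what is still listening on the SMB ports so the result can be reviewed.
Get-NetTCPConnection -State Listen -LocalPort 139,445 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Disabling SMBv1 and filtering the ports reduces exposure but does not replace installing the MS17-010 patches.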