Protection Against WanaCrypt0r and Other Ransomware


If you have been paying any attention to the news about the ransomware attacks that have been popping up lately, you will have noticed one called “WannaCry” or “WanaCrypt0r”. This one has been aggressive in its attack, spreading over the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems.


Microsoft has published details about the WanaCrypt0r attacks here:


The good news is that the Palo Alto Networks Next Generation Security Platform automatically created, delivered and enforced protections to defend against this attack.


Our very own Threat Prevention group has a blog covering this topic here:
UPDATED: Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks


The Live Community team would like to provide all the information you need to configure your Next Generation Firewalls to be secure from attacks.


Palo Alto Networks can help prevent this ransomware attack with the following technologies:

The first link is to an article that describes in detail how to configure ransomware prevention:
Best Practices for Ransomware Prevention


Other ways to protect yourself

As far as what else can be done, here are 8 ways that you can help protect yourself from WannaCry and other ransomware:

  1. Always install the latest Security Updates – It goes without saying to stay updated, as a lot of vulnerabilities are caught and patched almost daily. By keeping your machine updated, you prevent those vulnerabilities from being a risk on your machine.
  2. Patch SMB vulnerability – Microsoft has released specific SMB patches to protect against this attack here:  Also, Microsoft has even gone so far as to release SMB patches for unsupported versions of Windows (Windows XP, Vista, Server 2003 and Server 2008) here:  Note: Windows 10 users are not vulnerable to this SMB vulnerability at this time.
  3. Disable SMB – The SMB in question is Server Message Block version 1. If you are not using SMB inside of your network, please disable it. To disable SMB, follow these 4 steps:
    1. Inside the Windows Control Panel, click ‘Programs’
    2. Open ‘Features’ and click ‘Turn Windows Features on and off’.
    3. Now scroll down to find ‘SMB 1.0 /CIFS File Sharing Support’ and uncheck it.
    4. Click OK, close control panel and restart the computer.
  4. Enable hardware or software Firewalls and block SMB ports – It is vitally important to always have a firewall enabled. If you do use SMB inside of your network, then you can configure your firewall to block access to the SMB ports from the Internet. SMB operates on TCP ports 137, 139 and 445, and UDP ports 137 and 138.
  5. Use an AntiVirus program – Again, a very simple point, to keep your AntiVirus of choice running and updated.
  6. Be cautious of Unknown Emails, Websites or Apps – Most ransomware uses phishing emails to get users to click on links. Always use caution when viewing uninvited documents or links.
  7. Back up your files regularly – This is always a great idea: if your hard drive dies or you are hit with ransomware, you have something to go back to.
  8. Keep up to date on your security knowledge – Cyberattacks and vulnerabilities in popular software and services, such as Android, iOS, Windows, Linux and Mac, appear in the news every day. The more you follow these events, the more aware you will be of these vulnerabilities and of the ways to prevent or avoid them.
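
Steps 3 and 4 can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original article or any Palo Alto Networks tooling. It assumes a Windows 8.1 or Windows 10 client, the built-in Windows Firewall, a hypothetical rule group name, and that blocking on the Public firewall profile is a reasonable host-side stand-in for "block from the Internet".

```powershell
# Added example: report SMBv1 and SMB port exposure on this host,
# and harden it when run with -Remediate. Run as Administrator.
param([switch]$Remediate)

$tcpPorts  = 137, 139, 445            # TCP ports listed in step 4
$udpPorts  = 137, 138                 # UDP ports listed in step 4
$ruleGroup = 'Example-Block-SMB'      # hypothetical group name for the added rules

# Step 3: state of the 'SMB 1.0/CIFS File Sharing Support' Windows feature.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
# The SMB server can still accept SMBv1 even when SMB itself is needed.
$server  = Get-SmbServerConfiguration
# Step 4: have the blocking rules from a previous run already been created?
$rules   = Get-NetFirewallRule -Group $ruleGroup -ErrorAction SilentlyContinue
# Is anything on this host actually listening on TCP 445?
$listen  = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue

# Emit one object so the result can be collected from many hosts.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    Smb1FeatureState  = $feature.State
    Smb1ServerEnabled = $server.EnableSMB1Protocol
    ListeningOn445    = [bool]$listen
    BlockRulesPresent = [bool]$rules
}

if ($Remediate) {
    if ($server.EnableSMB1Protocol) {
        # Stops the server side from negotiating SMBv1; SMBv2/v3 keep working.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($feature.State -eq 'Enabled') {
        # Same effect as unchecking the feature in Control Panel; needs a restart.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
    if (-not $rules) {
        # Public profile only, so file sharing on Domain/Private networks is untouched.
        New-NetFirewallRule -DisplayName 'Block inbound SMB/NetBIOS (TCP)' -Group $ruleGroup `
            -Direction Inbound -Protocol TCP -LocalPort $tcpPorts -Profile Public -Action Block
        New-NetFirewallRule -DisplayName 'Block inbound SMB/NetBIOS (UDP)' -Group $ruleGroup `
            -Direction Inbound -Protocol UDP -LocalPort $udpPorts -Profile Public -Action Block
    }
}
```

Run it without arguments first to see the current state, then with -Remediate, and restart the computer afterwards as in step 3.4.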

As always, we welcome comments and feedback in the comments section below.


Thanks for reading.

Stay secure!

Joe Delio
