WannaCry Malware Deployment Prevention


Over the last few months, the WannaCry ransomware has carried out massive attacks in many countries around the world.

The WannaCry malware uses security gaps in the SMB and RDP features, which are used to share files in Windows. SMB runs on the network on UDP 137, 138 and TCP 137, 139, 445, while RDP is on port 3389.

This malware attacks by encrypting the data on the victim's computer, so the files on that computer can no longer be accessed. To regain access to the data, the malware maker asks for ransom money.

Disabling the SMB and RDP functions, applying Windows patch updates, backing up data/files to other storage, and so on can prevent such malware attacks.

However, it does not hurt to add a security method to our network system. We can use the firewall filter feature on MikroTik to block the ports and protocols that the WannaCry malware uses in its attacks.

Firewall Filter for WannaCry Ransomware

The first way is to create a firewall filter rule on the MikroTik router that blocks data exchange on the protocols and ports used by the WannaCry malware.

Figure: firewall filter for WannaCry ransomware

This rule works for traffic between different subnets, both between LANs and from the public Internet.
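A firewall filter rule set of this kind, written for the RouterOS terminal, is shown below. It is an added example, not the article's original configuration; the comments and log prefixes are assumed names, and the ports are the ones listed above.

```routeros
# Added example (not the original article's rules): drop the SMB/NetBIOS and
# RDP ports named in this article. Comments and log prefixes are assumed names.
/ip firewall filter

# forward chain: traffic routed through the router (between subnets, Internet to LAN)
add chain=forward protocol=tcp dst-port=137,139,445 action=drop \
    log=yes log-prefix="wcry-smb" comment="WannaCry: drop SMB/NetBIOS TCP"
add chain=forward protocol=udp dst-port=137,138 action=drop \
    comment="WannaCry: drop NetBIOS UDP"
add chain=forward protocol=tcp dst-port=3389 action=drop \
    log=yes log-prefix="wcry-rdp" comment="WannaCry: drop RDP"

# input chain: traffic addressed to the router itself
add chain=input protocol=tcp dst-port=137,139,445,3389 action=drop \
    comment="WannaCry: drop SMB/RDP to router"
add chain=input protocol=udp dst-port=137,138 action=drop \
    comment="WannaCry: drop NetBIOS UDP to router"

# New rules are appended to the end of the list. Move them above any accept
# rule that would match the same traffic first, then confirm with the counters.
print stats
```

Log entries carrying the `wcry-smb` or `wcry-rdp` prefix show which source addresses keep trying these ports; an internal host that appears repeatedly is worth checking for infection.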

Bridge Filter for WannaCry Ransomware

If all hosts are in the same IP segment and are bridged, a Bridge Filter can be used. The steps are to define the matcher and then use action=drop.

Figure: bridge filter for WannaCry ransomware

Switch ACL WannaCry Ransomware

For prevention on a single network subnet, besides the Bridge Filter method, you can also use the ACL feature on a managed switch, for example on the MikroTik Cloud Router Switch product.

Figure: switch ACL for WannaCry ransomware

Also create a new rule blocking TCP 445 and 3389 to complement the above rule and make it safer.

While this temporary block is in place, hosts/computers cannot use the file-sharing feature via SMB or Remote Desktop. As an alternative, you can use a VPN application that has an RDP function. Files can be exchanged through a cloud service or a public or offline server. It is also advisable not to download files or run programs that originate from untrusted sources.
