This Friday, a Malware called “WannaCry” attacked millions of PC in all of the world. Which included hospitals, companies and universities. 74 countries have been attacked, (America, China, India, France…).
这周五,一个叫 WannaCry 的病毒,向全世界 74 个国家医疗,公司,学校的电脑发起了攻击(美国,中国,印度,法国。。。)
The hacker used a tool of NSA called “Eternal Blue” to block all your importants files and asked you for Bitcoin (1 Bitcoin = 1700 US Dollar - 05/2017). Once files have been blocked, you can hard to get all them back, even you pay for these Hackers.
黑客用一个叫永恒之蓝的 NSA 被盗的工具,锁住你电脑里所有重要的文件,并提示你支付比特币 (1 比特币 现在约等于 1700多 美元)。一旦你的电脑中招,很难把文件再找回,甚至付给黑客们钱也不太可能。
As so fall, we know that all PC with Windows, (even you have two system on your Mac and one of them is Windows) can be hacked easily. Things we can do to avoid this attack so far is below:
现在我们了解所有 windows 电脑都有可能中招,( 包括双系统其中一个是 windows ),现在为止为了预防病毒你能做的是如下:
First, update to Windows 10 as your first choice. And update Windows Defender.
Then, you should enable Windows Firewall and close the Port: 445 on your PC. Which is probably the way these Hackers try to attack your PC, following these Steps below:
首先,请最好升级至 Windows 10 作为你的首选项, 然后升级 Windows Defender 到最新版本。
接着,你要启动 Windows 防火墙,然后关闭你的 445 端口,因为是这些黑客攻击的主要途径,跟着下面的步骤:
Step 1 (for Win7 / Win8 / Win10):
Open the “Control Panel”, click “System and Security” - then “Windows FireWall” 打开 “控制面板”, 点击 “系统与安全” - 然后 “Windos 防火墙”
Step 2 (for Win7 / Win8 / Win10):
Click “Start or turn off the firewall”, then start it, click “OK” 点击 “启动或关闭防火墙”,然后启动,然后 “确认”
Step 3 (for Win7 / Win8 / Win10):
click on “Advanced Settings” 点击 “高级设置”
Step 4 (for Win7 / Win8 / Win10):
click on “Inbound rules” - “New Rule” 点击 “入站规则” - “新建规则”
Step 5 (for Win7 / Win8 / Win10):
click on “Port” - “Next” 点击 “端口” - “下一步”
Step 6 (for Win7 / Win8 / Win10):
click “Specific local ports”, input “445” - “Next” 点击 “特定本地端口”, 输入 “445” - “下一步”
Step 7 (for Win7 / Win8 / Win10):
click “Block connection” - “Next” 点击 “阻止连接” - “下一步”
Step 8 (for Win7 / Win8 / Win10):
select all in “Profile” - “Next” 在 “配置文件” 中全选 - “下一步”
Step 9 (for Win7 / Win8 / Win10):
give a name as you like, click “finish” 随便取个名称,点击 “完成”
Other things you should know:
-
If you are familiar with CMD, you can just run it as Admin, and run this:
netsh advfirewall set allprofile state on netsh advfirewall firewall add rule name=deny445 dir=in action=block protocol=TCP localport=445 -
This malware will attack your PC directely from Port 135, 138, 445, 3389, etc. It’s sure that you can close all of these Ports, but in the same time some service which using these Ports will be stoped.
-
Please make sure that all your important files have one or more copies in you USB memory stick or other device, just pay attention.
PS. This post was written by English and Chinese, but the Screenshots showed in French language, that was because my PC was run in French, but you can easily find all the access or bouton in the same corner on your PC either in English or Chinese.
Hope no one will be attacked by this attack </PEACE>