Overview of WannaCry
WannaCry, also known as Wanna Decryptor ransomware, has run amok on computers all over the world since the afternoon of May 12, 2017. It encrypts important files and documents and demands a ransom of $300 to $600 in Bitcoin. So far, no effective decryption method has been found. Rather than waiting helplessly for a cure, there are some things we can do to prevent infection and limit the damage.
It is said that the WannaCry virus infects the hard drive via TCP port 445, which the system opens during installation, and so does the Petya variant. The following details how to block port 445 in Windows 7, 10, and XP in simple ways. But before that, you may want to know what TCP port 445 and port 139 are used for.
Port 445 and Port 139
Port 445 and port 139 are Windows ports. Port 139 is used for Network Basic Input Output System (NetBIOS) name resolution and port 445 is used for Server Message Block (SMB). Both serve Windows File and Printer Sharing.
In Windows 2000, Microsoft created a new transport for SMB over TCP and UDP on port 445, which replaces the older implementation over ports 137, 138 and 139. Keeping port 445 and port 139 open leaves the hard disks exposed on these ports, i.e. you share your hard drives with anyone who can reach them, which allows deleting or formatting data, implanting a virus and so on.
You may understand port 445 in this way: if you close port 445, you will not be able to copy any file system data to or from the machine where port 445 is closed. On a domain host, this will definitely break group policy. You will also lose the ability to browse networks beyond the intranet.
Know if Your Port 445 is Enabled or Not
Although port 445 is opened by the system on Windows in most cases, it is necessary to check it on your host. Press the Windows + R key combination to open the Run box. Input “cmd” to start Command Prompt. Then type “netstat -na” and press Enter. The “netstat -na” command lists all connections and listening ports (-a) and shows addresses and port numbers in numeric form (-n).
In one or two seconds, the list will show up. Scroll to the top and you’ll see a local address ending in :445. If the last column shows the status “LISTENING”, TCP port 445 is open.
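The check above can be scripted so that it reports only real listeners. The following Python sketch is an added example, not part of the original article; it parses "netstat -na" output, the sample text is constructed, and the names listening_ports, run_netstat and SAMPLE are assumptions made for illustration.

```python
import subprocess

# Ports named on this page: 445 (SMB) plus 135, 137, 138 and 139.
WATCHED_PORTS = {135, 137, 138, 139, 445}

# Constructed sample of Windows "netstat -na" output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4450           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""

def listening_ports(netstat_text, watched=WATCHED_PORTS):
    """Return sorted (proto, address, port) tuples for watched local ports."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and are simply bound.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        # rpartition keeps IPv6 literals such as [::]:445 intact.
        address, _, port = local.rpartition(":")
        if port.isdigit() and int(port) in watched:
            found.add((proto, address, int(port)))
    return sorted(found)

def run_netstat():
    """Run the same command the article uses (Windows only)."""
    return subprocess.run(["netstat", "-na"], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    for proto, address, port in listening_ports(SAMPLE):
        print(f"{proto} port {port} is open on {address}")
```

A plain text search for 445 would also match port 4450 and the outbound connection to another machine's port 445; here only the local port counts, and only when it is listening (TCP) or bound (UDP). On a Windows host, pass run_netstat() instead of SAMPLE.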
How to Close Port 445 in Windows 10/7/XP
Since it is one of the most dangerous ports on the Internet and made way for the WannaCry attack, closing it is urgent. There are three methods in total to disable port 445 in Windows 10, 7 and XP. All are simple and easy to follow. Let’s get to know them one by one.
How to Block Port 445 in Windows Firewall
The first method is the easiest one and it is suitable for almost every Windows user.
1. Go to Start > Control Panel > Windows Firewall and find Advanced settings on the left side.
2. Click Inbound Rules > New Rule. Then in the pop-up window, choose Port > Next > TCP > Specific local ports, type 445 and click Next.
3. Choose Block the connection > Next. Tick the three checkboxes and click Next. Specify the name and description at your will and click Finish.
4. Check if you have created the rule by Properties > Protocols and Ports > Local Port.
There is another way to block port 445 with the help of Windows Firewall; it just works in a different manner. Those who are used to command line operations will probably prefer method 2.
How to Close TCP Port 445 Opened by System on Windows 7 via CMD
Command line operations take effect immediately and once executed, you cannot go back. Therefore, general users who are not familiar with working this way should proceed with caution.
1. Type “cmd” in the search box, right-click cmd in the list and choose Run as administrator.
2. Input: netsh advfirewall set allprofiles state on and press Enter.
3. Input: netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445" and press Enter.
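Checking that the rule exists (step 4 of the first method) can also be done from the command line. The following Python sketch is an added example, not the article's own code: it reads the output of "netsh advfirewall firewall show rule name=all" (English field labels assumed, sample constructed and abbreviated) and lists which of the ports named on this page still lack an enabled inbound block rule. The function names and the protocol assigned to each port are assumptions of the example; 137 and 138 are treated as UDP services.

```python
# Ports named on this page; 137 and 138 are UDP, so TCP-only rules miss them.
REQUIRED = {("TCP", 135), ("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 445)}

# Constructed, abbreviated sample of the netsh "show rule" output.
SAMPLE = """\
Rule Name:                            Block_TCP-445
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            445
Action:                               Block

Rule Name:                            Block_TCP-139
Enabled:                              No
Direction:                            In
Protocol:                             TCP
LocalPort:                            139
Action:                               Block
"""

def parse_rules(text):
    """Split the output into one dict per rule (English field labels assumed)."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Rule Name":
            rules.append({})  # a new rule block starts here
        if sep and rules:  # separator rows and blank lines have no colon
            rules[-1][key.strip()] = value.strip()
    return rules

def expand_ports(spec):
    """Turn '445', '135,139' or '137-138' into a set of ints; 'Any' gives none."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if low.isdigit() and (high.isdigit() or not high):
            ports.update(range(int(low), int(high or low) + 1))
    return ports

def unblocked(text, required=REQUIRED):
    """Return required (protocol, port) pairs lacking an enabled inbound Block rule."""
    covered = set()
    for r in parse_rules(text):
        if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == ("Yes", "In", "Block"):
            covered |= {(r.get("Protocol"), p) for p in expand_ports(r.get("LocalPort", ""))}
    return sorted(required - covered)
```

For the sample, unblocked(SAMPLE) reports TCP 135, TCP 139 (its rule is disabled), UDP 137 and UDP 138 as still uncovered.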
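Some users report that these methods do not work on their computers: when they go back to Command Prompt to check, port 445 is still in “LISTENING”. A firewall rule only blocks inbound connections; it does not stop the system from listening on the port, so the netstat output stays the same. To close the listener itself, we can try the third method, which is also simple.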
How to Block TCP Port 445 via RegEdit
Modifying the system registry can also help you protect yourself from WannaCry ransomware. However, you cannot be too careful when modifying the registry. It is a database for Windows system programs and installed applications, and these programs might not run well if you delete anything important by accident. Please back up the registry first just in case.
1. Open Run box in the same way. Type “regedit” and press Enter.
2. Navigate to the path:
3. Right click the blank area and select New. Select DWORD (32-bit) Value or QWORD (64-bit) Value based on your system type (32 bit or 64 bit).
4. Rename the new value to SMBDeviceEnabled. Next, right click it and select Modify. In the pop-up window, change Value data from 1 to 0. Click OK to confirm.
This method is effective and applies to almost every computer user. If you follow the steps strictly, no mistakes will be made. Please note that you also need to disable the Windows Server service to strengthen the protection against the WannaCry cyber attack.
1. Type “services.msc” in Run box to open Windows Services.
2. Find Server and double-click it. It is normally around the middle of the service list.
3. In the pop-up window, select Disabled from the drop-down list and click OK.
*The above methods also apply to blocking port 139, port 135, port 137 and port 138. Just replace port 445 with these ports in the steps. It is suggested to close all of them temporarily.
*If you want to enable or open port 445 in Windows 7 in the future, just delete the newly created rule in Windows Firewall, or change the value data from 0 to 1 or delete the value in Registry Editor, or switch Disabled to Automatic in Server Properties.
Other Helpful Tips for Surviving WannaCry and Petya Worm Hack
Disabling TCP port 445 and other dangerous ports is one of the most important steps in defending against ransomware. Nevertheless, we can do more in other respects. Below are tips listed by security experts.
1. Disconnect from the network first and then boot your computer if you don’t know whether your computer has been hacked.
2. Install MS17-010 patch for Windows 7 and install anti-virus software.
3. Do not click suspicious links in emails or on websites.
4. Back up everything you care about with backup software suited to WannaCry ransomware, such as the free AOMEI Backupper Standard. Creating bootable media is also available in case your computer fails to boot.
5. Back up on a regular basis.
In the End
WannaCry ransomware is a global cyberattack that has attracted everybody’s attention. What we need to do is arm ourselves and fight against malicious hackers. However, in addition to doing something (e.g. blocking port 445) to remedy the problem after it occurs, it's necessary to schedule backups of your crucial data. With an exact copy of your data, you don't need to worry about data loss and won’t go mad the next time you face similar issues.
Also, besides data, you still need to protect other important things on your PC, such as the system, disks or partitions. That way you won't be put in danger. If you haven't done so yet, download this free backup software - AOMEI Backupper to have a try!
You can back up any items you want, and enable its Schedule Backup to continuously protect your system and data. To avoid filling the backup disk, you can enable Normal or High compression level, Incremental Backup, Differential Backup, or Backup Scheme according to your situation. The last two features are only available in the professional version.