WannaCry, also known as Wanna Decryptor ransomware has ran amuck on computers all over the world since the afternoon of May 12, 2017. Important files and documents are encrypted and are blackmailed for $300 to $600 value of virtual Bitcoin currency. By now, no effective decrypt methods found. Except for helpless waiting for the cure, there are some things we can do to prevent infection and make things better.
It is said that the WannaCry virus infect hard drive via TCP port 445 which opened by system during installing, so does to Petya variant virus. Following details how to block port 445 in Windows 7, 10, and XP in easy and simple ways. But before that, you may want to know what TCP port 445 is used for, so is the port 139.
Port 445 and Port 139
Port 445 and port 139 are Windows ports. Port 139 is used for Network Basic Input Output System (NetBIOS) name resolution and port 445 is used for Server Message Blocks (SMB). They all serve Windows File and Printer Sharing. In Windows 2000, Microsoft has created a new transport for SMB over TCP and UDP on port 445, which replaces the older implementation that was over ports 137, 138, 139. Keep port 445 and port 139 opened will leave the hard disks exposed on this port, i.e. you share your hard drives with any one that can access to this port, including deleting, formating, and implant virus and so on.
You may understand port 445 in this way. If you close port 445, you will not be able to copy any file system data to or from the path where port 445 is closed. In terms of domain host, this will definitely break group policy. You will lose browsing capabilities to networks past the intranet network as well.
Know if Your Port 445 is Enabled or Not
Although the port 445 is opened by system on Windows in most cases, it is necessary to check it on your host. Press Windows + R key combo to start Run box. Input “cmd” to start Command Prompt. Then type: “netstat –na” and press Enter. “netstat –na” command means scan all connected port and showing in numbers.
In one or two seconds, the picture will show up. Roll your mouse to the top and you’ll see the IP address of 445. In the last column, the status shows it is “LISTENING”. This means the TCP port 445 is opened.
How to Close Port 445 in Windows 10/7/XP?
Since it is one of the most dangerous ports on the Internet and made way for WannaCry attack, close it becomes urgent. There are three methods to disable port 445 in Windows 10, 7 and XP in total. All are simple and easy to follow. Let’s get to know them one by one.
How to Block Port 445 in Windows Firewall?
The first method is the easiest one and it is suitable for almost every Windows user.
1. Go Start > Control Panel > Windows Firewall and find Advanced settings on the left side.
2. Click Inbound Rules > New rule. Then in the pop-up window, choose Port > Next >TCP > Specific local ports and type 445 and go Next.
3. Choose Block the connection > Next. Tick the three checkboxes and click Next. Specify the name and description at your will and click Finish.
4. Check if you have created the rule by Properties > Protocols and Ports > Local Port.
Actually, there is another method to stop port 445 with the help of Windows Firewall. It is just in another manner. For those who are getting used to command line operations, method 2 would be their favorite.
Close TCP Port 445 Opened by System on Windows 7 via CMD
Command line operations take effect immediately and once executed, you cannot go back. Therefore, general users who are not familiar with this operate manner, please take with caution.
1. Type “cmd” in the search box, right click the cmd from the list and Run as administrator.
2. Input: netsh advfirewall set allprofile state on and press Enter.
3. Input: netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445" and press Enter.
Some users report that these methods do not work on their computers. When go back to Command Prompt to check, the port 445 is still in “LISTENING”. In that case, we can try the third method, which is also simple.
How to Block TCP Port 445 via RegEdit?
Modifying registry of the system can also help you protect yourself from WannaCry ransomware. However, you cannot be more careful during the process of modifying registry. It is a database for Windows system programs and installed applications. These programs might not be able to run well if you delete any important file by accident. Please backup registry first just in case.
1. Open Run box in the same way. Type “regedit” and press Enter.
2. Navigate to the path:
3. Right click the blank area and select New. Select DWORD (32-bit) Value or QWORD (64-bit) Value based on your system type (32 bit or 64 bit).
4. Rename the new value to SMBDeviceEnabled. Next, right click it and select Modify. In the pop-up window, change Value data from 1 to 0. Click OK to confirm.
This method is effective and almost applies to every computer user. If you just follow the steps strictly, no mistakes will be made. Please note that you need to disable Windows Server service to strengthen the protection for WannaCry cyber attack.
1. Type “services.msc” in Run box to open Windows Services.
2. Find Server and double click it. It is at the middle of the service events normally.
3. In the pop-up window, select Disabled from the drop-down list and click OK.
*Above methods apply to how to block port 139, port 135, port 137 as well as port 138. Just replace port 445 with these ports in the steps. It is suggested to close all of them for temporary.
*If you want to enable or open port 445 in Windows 7 in the future, just delete the new created rule in Windows Firewall, or change the value data from 0 to 1, or just delete the value in Registry Editor or switch Disabled to Automatic in Server Properties.
Other Tips for Surviving WannaCry and Petya Worm Hack
Disabling TCP port 445 or other dangerous ports is one of the most important steps in against ransomware. Nevertheless, we can do more in other aspects. Below are tips listed by security experts.
1. Disconnect network access first and then boot your computer if you don’t know whether your computer are hacked.
2. Install MS17-010 patch for Windows 7 and install anti-virus software.
3. Do not click suspicious links in emails or on websites.
4. Backup everything you care via backup software especially for WannaCry ransomware like free AOMEI Backupper Standard. Create bootable media is also available.
5. Backup on a regular basis.
In the End
WannaCry ransomware is a global cyber attack behavior that attracts everybody’s attention. What we need to do is arm ourselves and fight against the malicious hackers. Develop the habit of making regular backup for your crucial data, and you won’t go mad next time facing similar issues.