As discussed and known very clearly, the ransomware virusesWannaCry si Petya could not cause damage to such a large scale if they did not use a service Windows, left enabled by default microsoft for at least strange reasons.
SMBv1 is the service that has been exploited and through which it has been able to get into millions of Windows PCs around the world. No matter what Windows 10, Windows 8 or Windows 7, SMBv1 must be disabled immediately.
Before going into the tutorial, let's see what means this SMBv1.
SMBv1 is the old protocolServer Message Block used by Windows to share files in a local network. Subsequently, this protocol was replaced by two versions.SMBv2 si SMBv3. The latter can remain active on the system. They are safe and can not be exploited.
From Microsoft, the SMBv1 protocol remained active on operating systems for the simple reason that they are a series of old applications using this protocol, they being updated forSMBv2 si SMBv3. Strangely reason to leave something like that in mind knowing beforehand cyber attacks as this protocol is a major risk.
How to disable SMBv1 on Windows 8 and Windows 10
Starting withWindows 10 Fall Creators Update(major update expected in September 2017) Microsoft will disable by default SMBv1. We do not know why so much damage was needed before Microsoft made this decision, but this is another discussion. Until then, SMBv1 can be deactivated very easily fromcontrol Panel →Programs →Turn Windows features on or off. You do not need to be expelled in computers to do this.
- Open control Panel and click "Programs"
- in the list of Windows services, applications and protocols, we identify and debif "SMB 1.0 / CIFS File Sharing Support”
Click "OK", then restored after the deactivation was successful.
For Windows 7, disabling SMBv1 is a little more complicated and requires little attention. You need to edit Windows Registry to disable the protocol.
How to disable SMBv1 on Windows 7
- open the Registry Editor from the Strat → search "regedit"
- In Registry Editor we use the left bar to navigate to:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters
The next step is to create a new one subkey under "Parameters". Right click on "Parameters"→New →DWORD (32-bit) Value.
The name of the new value will be "SMB1" with "0", which means it is disabled.
all you have to do now is shut it down registry Editor and restart the operating system. After restarting, the SMBv1 protocol will be disabled.
As a clarification, SMBv1 is not directly responsible for the ransomware infectionWannaCry si Petya. Through this protocol, it was only allowed to spread the virus to local networks, infecting millions of computers around the world.
Do not forget to use up-to-date virus software, make backup copies of important files, and last but not least, click on buttons and links you click.