As has been discussed before and is very clearly known, ransomware virusesWannaCry and Petya they could not cause damage on such a large scale, if they did not use a service Windows, left enabled by default by Microsoft for at least strange reasons.
SMBv1 is the service that was exploited and through which it was possible to penetrate millions of Windows PCs around the world. No matter what it is about Windows 10, Windows 8 or Windows 7, SMBv1 must be disabled immediately.
Before entering the topic of the tutorial, let's see what this means SMBv1.
SMBv1 it's the old protocolServer Message Block used by Windows for file sharing in a local network. Later this protocol was replaced by two versions.SMBv2 and SMBv3. The latter can remain active on the system. They are safe and cannot be exploited.
According to Microsoft, the SMBv1 protocol has remained active on operating systems for the simple reason that there are a number of old applications that use this protocol, they being updated forSMBv2 and SMBv3. Strange reason to let something like that happen knowing in advance cyber attacks like this protocol represents a major risk.
How to disable SMBv1 on Windows 8 and Windows 10
Starting withWindows 10 Fall Creators Update(major update expected in September 2017) Microsoft will disable by default SMBv1. We don't know why it took so much damage before Microsoft made this decision, but that's another discussion. Until then, however, SMBv1 can be disabled very easily fromControl Panel →Programs →Turn Windows features on or off. You don't need to be experienced in computers to do this.
– open Control Panel and click on “Programs“.
– in the list of Windows services, applications and protocols, we identify and uncheck them “SMB 1.0/CIFS File Sharing Support“
Click “OK”, then restored after successful deactivation.
For Windows 7, disabling SMBv1 is a bit more complicated and requires a little attention. You need to edit the Windows registry to disable the protocol.
How to disable SMBv1 on Windows 7
– open the registry editor (Registry Editor) from Strat → search “regedit“.
– in the Registry Editor we use the bar on the left side to navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
The next step is to create a new one SubKey sub “Parameters”. Right click on “Parameters” →New →DWORD (32-bit) Value.
The name of the new value will be “SMB1” with the value “0”, which means it is disabled.
all you have to do now is close Registry Editor and restart the operating system. After the restart, the SMBv1 protocol will be disabled.
As a clarification, SMBv1 is not directly responsible for ransomware infectionWannaCry and Petya. This protocol only allowed the spread of the virus in local networks, thus infecting millions of computers around the world.
Don't forget to use an up-to-date virus software, to make permanent backup copies of important files and last but not least, pay attention to which buttons and links you click.
