How to Protect Yourself from WannaCry Ransomware

UPDATED 5:42 p.m. EDT Monday with information that WannaCry also encrypts data on some backup drives.

UPDATED 3:20 p.m. EDT Friday with information that WannaCry has trouble spreading to Windows XP machines.

Three days after it first appeared, the WannaCry ransomware is still infecting Windows computers around the world, and experts warn that more variants are on their way.

Credit: SvetaZi/Shutterstock

(Image credit: SvetaZi/Shutterstock)

Fortunately, there are some fairly simple steps you can take to avoid infection. Here are the main ones.

Patch Windows with the latest software updates

Microsoft released a patch that prevents WannaCry infection back in March, two months before this latest version of the ransomware appeared. Open the Windows Start menu, type in "windows update," click Check for Updates and permit installation of anything marked "Important." Let Windows Update run its course, and then restart the system. (If you've run Windows Update since mid-March, you should already be protected.)

Microsoft has also released patches for Windows XP and Windows 8, which the company no longer supports. If you run Windows Update in those operating systems and no important updates come up, then go to the end of this Microsoft security advisory and click on the link pertaining to your operating system. The link will contain instructions for manual installation of the software patch.

MORE: WannaCry Ransomware Attack: What You Need to Know

Don't know which operating system you're running? Go to the Start menu, select Control Panel or Settings and then click System. (You may have to change the Control Panel "view" to Small Icons in the upper-right corner.) The resulting page should tell you which version of Windows you're using, and whether it's the x86 (32-bit) or x64 (64-bit) operating system. Then go to the Microsoft page linked to above, find the patch for your operating system and follow the instructions.

UPDATE: Security researchers said Friday that WannaCry has trouble infecting most Windows XP machines. The ransomware component works on XP, but the part that spreads the infectious agent across a network does not.

"The worm that spreads WannaCry does not work for XP," Jerome Segura, lead malware intelligence analyst for Malwarebytes, told Tom's Guide. "You'd have to install the ransomware by other means, which is why there aren't many infections on XP at all."

Back up all your files

WannaCry, like most forms of encrypting ransomware, locks up image, movie, email, office and database files — pretty much any kind of file a regular user would create. That means that while your computer will keep running, you won't be able to access your photos, Word documents, spreadsheets, video files or emails without paying the ransom.

To avoid this trap, make it a regular practice to periodically back up those files somewhere else. The best way is to have both an external hard drive for local backups, and an online-backup service to store your data in the cloud should you lose both your computer and the external drive (say, due to fire, flood or theft). Some backup software, such as that made by Acronis, handles both local and online backups.

To be extra safe, start the local backup manually, and turn on the external drive only when you're backing up to it. Some ransomware looks for always-on backup drives and encrypts them as well. UPDATE:Bleeping Computer notes that "if a user uses a cloud storage service and regularly synchronizes their locate data with the cloud, the files on the cloud will be overwritten by the encrypted versions."

Install and run antivirus software

All good antivirus software will now stop the WannaCry malware, and the best antivirus software will catch most brand-new variants. But bear in mind that antivirus software is not a silver bullet and isn't foolproof. Instead, consider it one of many defenses that you can deploy.

Create and use a limited-user account

There are two kinds of user accounts on Windows. Administrator accounts can install, update and remove software, and malware that infects an administrator account can do so as well. Limited accounts, however, are barred from altering a computer's software installations, and in most cases, malware that infected limited accounts will be similarly crippled.

Unfortunately, Windows creates administrator accounts by default. So go into Control Panel —> User Accounts —> Manage User Accounts and create a limited account for every person who uses your PC, including yourself. Then use that limited account for everything you normally do on that machine. Use the administrator account ONLY for updating, adding or removing software.

Don't open unexpected email attachments

We don't yet know how WannaCry spreads from one company network to another, but most ransomware infects computers by tricking users into opening malicious attachments to phishing emails. Even if the email comes from someone you know, don't open the attachment, as cybercriminals can "spoof" email addresses or hijack other people's email accounts.

If you feel that the attachment really is something you need to see, then save the attachment to your desktop without opening it, right-click the attachment file and have your antivirus software scan it.

Change your network settings

WannaCry may be using a flaw in Microsoft's Server Message Block SMB protocol to spread. SMB lets computers on the same network share files, printers and other objects, but it's pretty easy to turn off.

Go into Control Panel or Settings, look for Network and Sharing Center and click Change Advanced Sharing Settings. Under Home or Work, Public and Domain, select the items labeled "Turn off network discovery," "Turn off file and printer sharing" and "Turn off public folder sharing."

Don't download pirated movies, music or software

Again, we don't know if WannaCry is spread using this method, but some ransomware is injected into media files or software installers posted in file-sharing services. If you really insist on getting digital goods without paying for them, then at least scan the ill-gotten files with antivirus software before opening them.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.