A Fix for Blocking “Ransomware” Attacks

Starting last weekend, the “ransomware” has been hitting Windows operating systems on a large scale. Here is one way to deal with it.

First, create a new text file and name it:

WannaCry勒索病毒一鍵加固v1.3.bat

This is actually a batch file, with the following contents:

@echo off
mode con: cols=85 lines=30
:NSFOCUSXA
rem Main menu: banner, advisory text, and OS selection
title  WannaCry勒索病毒安全加固工具
color 0A
cls
echo.
echo.
echo -----------------------  WannaCry勒索病毒安全加固工具  --------------------------
echo.
echo.
echo * WannaCry勒索軟體可加密硬碟檔案,受害者必須支付高額贖金才有可能解密恢復,安
echo 全風險高,影響範圍廣!
echo.
echo * 網路層面:建議邊界防火牆阻斷445埠的訪問,可通過IPS、防火牆相關安全裝置配
echo 置相關阻斷策略。
echo.
echo * 終端層面:暫時關閉Server服務,使用命令"netstat -ano | findstr ":445"",確保
echo 關閉445埠,建議在微軟官網下載MS17-010補丁,選擇對應的版本進行補丁安裝,補
echo 丁下載地址:http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598。
echo.
echo * 必須以系統管理員身份執行,以下提供此工具所做的操作的介紹:
echo.
echo 1:WIN7加固 2:WIN10加固 3:WIN2003加固 4:WIN2008加固 5:WIN2012加固
echo 6.WIN2016加固
echo.
echo 7: 退出
echo 綠盟科技 V1.3
echo www.nsfocus.com
echo.
echo ---------------------------------------------------------------------------------
echo.
set start=
set /p start=    輸入(1 2 3 4 5 6)後按回車鍵:
if "%start%"=="1" goto WIN7
if "%start%"=="2" goto WIN10
if "%start%"=="3" goto WIN2003
if "%start%"=="4" goto WIN2008
if "%start%"=="5" goto WIN2012
if "%start%"=="6" goto WIN2016
if "%start%"=="7" goto quit
goto NSFOCUSXA

:WIN7
rem Stop and disable the Server service (SMB), turn the firewall on, block inbound 445
net stop server /Y > nul
sc config lanmanserver start= disabled
netsh advfirewall set currentprofile state on > nul
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp > nul
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp > nul
echo ---------------------------------------------------------------------------------
echo * Windows 7系統加固命令執行完畢!
echo .
pause
goto NSFOCUSXA

:WIN10
rem /Y answers the dependent-services prompt, which "> nul" would otherwise hide
net stop server /Y > nul
sc config lanmanserver start= disabled
rem Legacy "netsh firewall" syntax, kept as in the original tool
netsh firewall set opmode enable > nul
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp > nul
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp > nul
echo ---------------------------------------------------------------------------------
echo * Windows 10系統加固命令執行完畢!
echo .
pause
goto NSFOCUSXA

:WIN2003
net stop server /Y > nul
rem Start the Windows Firewall/ICS service so the port rule below takes effect
net start sharedaccess > nul
sc config lanmanserver start= disabled
netsh firewall add portopening protocol = ALL port = 445 name = DenyEquationTCP mode = DISABLE scope = ALL profile = ALL > nul
echo ---------------------------------------------------------------------------------
echo * Windows Server 2003系統加固命令執行完畢!
echo .
pause
goto NSFOCUSXA

:WIN2008
net stop server /Y > nul
sc config lanmanserver start= disabled
netsh advfirewall set currentprofile state on > nul
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp > nul
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp > nul
echo ---------------------------------------------------------------------------------
echo * Windows Server 2008系統加固命令執行完畢!
echo .
pause
goto NSFOCUSXA

:WIN2012
net stop server /Y > nul
rem Start the Windows Firewall service
net start MpsSvc > nul
sc config lanmanserver start= disabled
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp > nul
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp > nul
echo ---------------------------------------------------------------------------------
echo * Windows Server 2012系統加固命令執行完畢!
echo .
pause
goto NSFOCUSXA

:WIN2016
net stop server /Y > nul
sc config lanmanserver start= disabled
netsh advfirewall firewall add rule name="DenyEquationTCP" dir=in action=block localport=445 remoteip=any protocol=tcp > nul
netsh advfirewall firewall add rule name="DenyEquationUDP" dir=in action=block localport=445 remoteip=any protocol=udp > nul
echo ---------------------------------------------------------------------------------
echo * Windows Server 2016系統加固命令執行完畢!
echo .
pause
goto NSFOCUSXA

:quit
rem Menu option 7: leave the tool
exit /b

Right-click the file and choose “Run as administrator”, as shown:

[Screenshot]

This opens the tool, as shown:

[Screenshot]

Enter the number that matches your operating system. For example, if you are on Win7, enter: 1.

The commands then finish running, as shown:

[Screenshot]

All it really does is close port 445.

Note: restart the operating system after the script has finished!
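
To confirm the result after the reboot, the following added example (not part of the original post or of the NSFOCUS tool) parses `netstat -ano` output and reports only sockets bound to local port 445, which the plain `findstr ":445"` check quoted in the script's banner cannot tell apart from ports such as 4450 or from outbound connections to a remote port 445. The function names and the sample output are constructed for illustration, and an English-locale netstat (state `LISTENING`) is assumed.

```python
import subprocess

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4450           0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.20:49731     192.168.1.5:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1012
"""

def smb_listeners(netstat_text, port=445):
    """Return (proto, local_address, pid) for sockets bound to the local port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        proto, local = fields[0], fields[1]
        # rpartition copes with IPv6 literals such as [::]:445
        if local.rpartition(":")[2] != str(port):
            continue                      # skips :4450 and remote-side :445
        # Assumption: English-locale state name; UDP rows carry no state column
        if proto == "TCP" and fields[3] != "LISTENING":
            continue                      # established or closing connection
        hits.append((proto, local, fields[-1]))
    return hits

def is_hardened(netstat_text):
    """True when nothing is bound to local port 445 any more."""
    return not smb_listeners(netstat_text)

if __name__ == "__main__":
    # On the hardened Windows host: parse live output after the reboot.
    out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    found = smb_listeners(out)
    for proto, local, pid in found:
        print(f"[FAIL] {proto} {local} still bound, PID {pid}")
    print("port 445 still open" if found else "port 445 closed")
```

The firewall rules block inbound traffic without removing the listener, so this check confirms the Server service change rather than the `DenyEquationTCP`/`DenyEquationUDP` rules.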