What Is WannaCry? How to Remove This Ransomware

How to Remove WannaCry Ransomware

 

WannaCry Ransomware demands payment from the victim after launching a cyber-attack on the computer. This has become a rising trend among cyber criminals lately. This massive ransomware attack has affected a number of organizations in various countries and has hit more than 200,000 computers across the world.

This ransomware has mostly attacked healthcare providers across the world, especially the hospitals in the UK, as they hold a lot of valuable private information such as health records. Some big organizations like Renault, Germany Railways, Telefónica, Russian Central Bank, FedEx etc. have also been attacked.

The WannaCry Ransomware is mostly affecting PCs that are using the Windows XP, 7, 8 or 8.1 operating systems. It is also affecting those PCs that have received security updates that are publicly available, and those PCs that are running Windows 10 and other newer operating systems but are not well-maintained and secure.

This WannaCry Ransomware could also have been intended only to demonstrate the moral hazard of a government that catalogs software vulnerabilities but never bothers to notify the software developers. So WannaCry Ransomware could have been made only to illustrate what could happen if these vulnerabilities fall into the wrong hands. But this is only a possibility. Another internal investigation also says that the intrusion could be an accidental phishing attack that has hit its mark.

We live in an era of huge data where almost all software is trackable. In such a situation, where a software vulnerability can bring a big portion of the world to a halt, we should expect more than just the timely release of a patch to stop these kinds of malicious attacks. Software developers should be more adept, notify at-risk parties and ensure that systems are properly patched. Emails, blog posts and updates alone are not sufficient, because a lot of customers do not receive mainstream support from the developers and may not even know that their system is vulnerable.

What is WannaCry Ransomware? How does it work?

WannaCry Ransomware is a kind of cyber-attack where the hackers take control of a computer system and block access to it until a ransom is paid. To do this and gain access to the system, the hackers need to download a type of malicious software into the device within the network.

This is done by getting the victim to click on a link and download it. This link can be sent through an email, on a web page or through an advert. Once the download is complete and the software is on the victim’s computer, the hackers launch an attack and lock all the files it can find in the network. This is a gradual process where the files are encrypted one after the other.

Once all the files are encrypted, this malware blocks access to the computer and all its data, deletes all the original files and posts a message in the form of a readme file, demanding a ransom to decrypt the data and release it. It also threatens to destroy all the data if the ransom is not paid. The hackers also often attach a timer in order to put pressure on the victim.

How does WannaCry Ransomware spread?

The WannaCry Ransomware mostly spreads by hiding itself within PDFs, Word documents or other files that can normally be sent via email. It can also spread through a secondary infection on computers that are already affected by other viruses. Such virus-affected computers are more vulnerable and often offer a back door for further virus attacks.

The malicious WannaCry ransomware has attacked computers all over the NHS, NSA and other companies in Russia, Spain, Taiwan, Ukraine and many other countries. It has led to all the PCs and their data being locked up for a ransom. This malicious software infects the PCs, encrypts all the data and contents on them and then demands a payment of hundreds of dollars to provide the key that can decrypt the files.

This attack infected a large number of computers across most of the health services in less than 6 hours on 12th of May. This is because it has the ability to spread within a network from PC to PC. This ransomware has caused a lot of mess and inconvenience in hospitals across England, especially in the NHS, as they had to divert their emergency patients and cancel surgeries.

This WannaCry ransomware was first spotted in the wild by the security researchers of Malware Hunter Team on 12th of May. Later, within a few hours, the ransomware was found on the computers of the NHS and spread throughout the internal network.

Who Are the Attackers behind WannaCry?

The attackers are still unknown, but one thing we know about them is that this is their second cyber-attack creation. An earlier version of the same ransomware, called “WeCry”, was discovered in February this year; it did the same job of locking up files and programs and asking for a ransom to unlock them.

What Amount of Ransom Are They Demanding?

A ransom of $800 US is being demanded by these hackers. They are demanding this payment to be made in Bitcoins as this payment medium is difficult to trace. But it is not impossible to trace bitcoins.

If the victim does not pay the ransom within 3 days, these attackers are doubling up the amount to be paid. If no payment is made, all the encrypted files and data of the PC will be deleted along with the readme text file that they send asking for money.

Does Paying the Ransom Unlock the Files?

There is no guarantee that paying the ransom helps in unlocking the files because these cyber criminals cannot be trusted. They might either unlock the files or sometimes they might also ask for more money. Also, paying this kind of ransom funds more cyber crimes.

What Can Be Done If Your PC Is Attacked by WannaCry?

If the ransomware has already encrypted your files, there is not much that you can do. But, if you have a backup of all the files that are encrypted, you can clean the computer and restore them.

How Can You Fix or Remove the Ransomware?

Security experts say that some antivirus software is capable of decrypting the WannaCry virus. According to the experts, this ransomware is identified and blocked by 30% of the antivirus vendors using the current virus definitions. There have been reports that the Kaspersky and SpyHunter software are capable of managing the threat effectively. But you will have to purchase the software. The free version will only inform you if your PC is infected.

There are also a few public decryption codes that are available and are capable of decrypting this malicious software. But these decryption keys only work on particular PCs and there are different decrypt codes for different PCs.

How Long Will WannaCry Attack Last?

WannaCry ransomware has a very short shelf life as all the antivirus companies and software developers are already behind the malware and are creating patches, decrypts, and antivirus for it. This malicious software will soon vanish with all the patches and decrypts coming into existence and saving all the attacked PCs.

How to Protect Yourself against the WannaCry Ransomware Attack?

  1. If you have not been a victim of the WannaCry ransomware attack yet, you can follow the steps below in order to protect your PC from the attack:
  • Keep your antivirus and firewall software up to date
  • Regularly update your computer’s operating system. These software updates usually include new patches that help you avoid these kinds of vulnerabilities
  • Do not click on any link or open any attachments that you receive in unexpected emails
  • Back up all your data immediately. This will help in preventing the ransomware from having a hold on your PC. Store the backed-up data on an external storage device or on a server that does not have access to the Internet
  • If you are using Windows XP, 7, 8 or 8.1, upgrade to Windows 10. This is because Windows XP, 7, 8 and 8.1 are more vulnerable to these attacks
  2. If you have already been attacked by the WannaCry ransomware, the first thing to do is enter safe mode. Follow the steps given below to enter safe mode on Windows XP, 7, 8, 8.1 and 10

First of all, bookmark this page or save it on any other device as you will have to exit your browser during the guide.

Entering safe mode:

  • For Windows XP and 7: As soon as you switch your PC on, before Windows starts, press the F8 key. A “Boot menu” will appear. Select “Safe mode with networking” and press Enter
  • For Windows 8 and 8.1: Go to the Start menu > Control panel > Administrative tools > System configuration. Under “System configuration” select Safe boot > Networking > Restart. Your computer will now restart and boot into safe mode
  • For Windows 10: Go to the Start menu > Settings > Update and Security > Recovery. Now, under “Recovery”, click on “Restart”. Your computer will now restart and a “Choose option” screen will open. On this screen, go to Troubleshoot > Advanced options > Start-up settings, select the “Enable safe mode with networking” option and press Enter. The computer is now booted into safe mode

How to Remove WannaCry Ransomware from Your PC?

Removing WannaCry Ransomware from your computer requires you to look for all the processes in your PC that are related to WannaCry Ransomware.

Step 1 (Processes):

You can start doing so by pressing Ctrl+Shift+Esc. This will open the “Task manager”. In the task manager, look at the processes tab and carefully check for any unfamiliar entries.

A malicious process usually consumes a large amount of CPU and RAM resources. If you discover something that doesn’t look regular, then right click on it, open the file and delete everything. Be very careful while doing this and make sure that the process that you are deleting is related to WannaCry.

Step 2 (Startup Programs):

Next, look into the “Startup programs”. In the “Search bar” type “System configuration”, select the first result and go to the Startup tab. Take a look at the list of programs. If you feel that there is any unknown developer or unfamiliar file, just uncheck it and click OK.

Step 3 (Registry):

Next, use the registry to look for more untrusted files. Open the “Run” window, type “regedit” and hit Enter. Once the registry launches, press Ctrl+F, type the name of the virus, like “Ransom.CryptXXX” or “WannaCry”, and click “Find next”. Delete all the files that relate to these names.

Step 4:

Finally, you have to delete all the other potential files that may contain this virus. To delete all these files, go to the “Start menu” and individually start typing the following terms one by one:

%AppData%, %LocalAppData%, %ProgramData%, %WinDir%, %Temp%.

After entering each one of the terms, a content folder will open. Sort all the files “by date” and delete all the recent folders and files present in it. Follow the same procedure for each one of the above-mentioned terms.

Finally, go to the “temp folder” and remove all of the files from it.

Though the above-mentioned methods are not 100% guaranteed to remove the malicious WannaCry ransomware, they might help you in negating some of the problems that the virus can cause.
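The manual checks in Steps 1 to 4 can be gathered in one read-only pass, so that everything is reviewed before anything is deleted. The PowerShell script below is an added example and not part of the original article; it assumes PowerShell 3.0 or later, and the `$Days` and `$Top` parameters are illustrative.

```powershell
# Added example: read-only triage for Steps 1-4. Nothing is deleted or changed.
# Assumes PowerShell 3.0+; $Days and $Top are illustrative, not from the article.
param(
    [int]$Days = 7,   # how far back "recent" reaches
    [int]$Top  = 15   # number of processes to list
)

# Step 1: busiest processes, with the backing file and its Authenticode status.
Get-Process | Where-Object { $_.Path } | Sort-Object CPU -Descending |
    Select-Object -First $Top | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            Id        = $_.Id
            CPU       = $_.CPU
            RAM_MB    = [math]::Round($_.WorkingSet64 / 1MB, 1)
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.Path).Status
            Path      = $_.Path
        }
    } | Format-Table -AutoSize -Wrap

# Step 2: everything registered to start automatically (Startup tab equivalent).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User | Format-Table -AutoSize -Wrap

# Step 3: list Run/RunOnce values for review rather than searching by name.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$runValues = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Value = $item.GetValue($name) }
    }
}
$runValues | Format-Table -AutoSize -Wrap

# Step 4: top-level items changed in the last $Days days, newest first.
$cutoff = (Get-Date).AddDays(-$Days)
$dirs = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:WinDir, $env:TEMP
$recent = foreach ($dir in $dirs) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff }
}
$recent | Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, FullName | Format-Table -AutoSize -Wrap
```

Because the listing only reads, it can be saved to a file and compared against a known-clean machine before deciding what to remove.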

WannaCry Ransomware Decryption Key

There are a few decryption codes that seem to be capable of decrypting the malicious WannaCry ransomware. Here we have mentioned a decrypt key that is supposed to help all the virus-attacked PCs out there. Just enter this decrypt code in your computer and the malware that has attacked your PC will be decrypted successfully.

Remember that this decrypt code is not suitable for all the PCs. This decrypt code will work on only specific computers as there are different decrypt codes for different computers.

Decrypt code: WNcry@2oI7

Additionally, what you can do to protect your PC from the malicious attack is:

  • Avoid opening any kind of unusual or suspected file
  • Do not download any unknown email attachment
  • Install the patch released by Windows for Windows XP, 7, 8 and 8.1 immediately.

Conclusion

In this article, we have given out all the information possible about the malicious WannaCry Ransomware. We have informed you about what the WannaCry Ransomware is, how it works and spreads, how to protect your PC from this cyber-attack if attacked, if not attacked, how to remove the malicious software from your PC, the decryption code to decrypt your affected PC and much more. So, update your computer, its operating software, the antivirus and firewall to keep your PC protected. Along with it, complete the tutorial given above in order to make your PC safe from the cyber-attack.

1 COMMENT

  1. Very Nice Article. This is the Best Article About Ransomware Attack I Have Read till Now. 🙂
    Keep Up the Good Work and Spread Awareness. 😀
