Last updated on March 1st, 2018
WannaCry is a type of ransomware virus, that infects Windows computers and encrypts with strong encryption, all the personal data that stored on the victim's computer. After encryption, Wanna Cry asks from the victims, to pay for a ransom in order to get the decryption key to decrypt the encrypted files, otherwise the files will be lost .
The WannaCry ransomware (also know as Wanna Cry,WanaCrypt0r, WanaCry, Wana Cry, WanaDecryptor, WanaCryptor, WCry, WNCry, wcrypt or Ransom Cry128), is appeared for first time on March 2017 and it is spread using NSA's "EternalBlue" exploit, that leaked by the "Shadow Brokers" hackers team. The "EternalBlue" exploit, is a software tool designed to take advantage of a flaw in a computer system, allowing the attacker to take control of the system.
This tutorial contains instructions on how to restore WannaCry encrypted files and how to protect your PC and your personal data from WannaCry ransomware infection.
How to Decrypt WannaCry files.
From our research, we can inform our readers that in many cases, the files remain encrypted, despite the fact that the user makes the payment. So, avoid paying the ransom, if possible, because you funding the criminals.
Unfortunately, there is not a free decryptor tool or other way to decrypt WCry infected files if you have restarted your system.
Two free decryptor tools named "WanaKiwi" & "Wannakey" are "able" to decrypt the WanaCry encrypted data, but only if the user has not restarted or turned off the computer.
The tools has tested and known to work under Windows XP, 7 x86, 2003, Vista and Windows Server 2008.
How to restore Wannacry files?
If you have infected with WannaCry, immediately disconnect you computer from the network and then clean your computer by using this guide. After cleaning your computer use one of the follow methods to get your files back:
- If you have enabled System Restore on you system and the ransomware has not disabled it, then restore your files from Shadow Volume Copies.
- Restore your files from a clean Backup.
- If you have synchronized your files, using an online storage service (like DrobBox, OneDrive, Google Drive, etc.) then restore your files from there.
How to Protect from WannaCry infection.
1. Backup your files regularly to an external storage device (USB disk), and keep the backup media disconnected from your PC. This is the most reliable solution in order to protect yourself your files, from ransomware, malware attacks or disk fails.
- How to Backup your Personal Files with SyncBackFree
- How to Backup your Personal Files with Windows Backup.
2. Install the Microsoft Security Bulletin MS17-010, that was designed especially to close a flaw in SMBv1 that allows WannaCry to compromise your system. Below you can find the Microsoft's links to download the required updates.
WannaCry Security Update for English Language:
- MS17-010 Update for Windows 10 (KB4012606)
- MS17-010 Update for Windows 10 Version 1511 (KB4013198)
- MS17-010 Update for Windows 10 Version 1607 (KB4013429)
- MS17-010 Update for Windows 8.1 (KB4012216)
- MS17-010 Update for Windows 7 & Server 2008 R2 (KB4012212)
- Security Update for Windows 8, Vista, Server 2003 & Server 2003 (KB4012598)
- Security Update for Windows Vista x86 (KB4012598) (Direct Download)
- Security Update for Windows Vista x64 (KB4012598) (Direct Download)
- Security Update for Windows XP3 ENGLISH (KB4012598) (Direct Download)
- Security Update for Windows XP3 GREEK (KB4012598) (Direct Download)
- MS17-010 Windows for Server 2016 x64 (KB4013429)
- MS17-010 Windows for Server 2012 R2 (KB4012216)
- Security Update for Windows Server 2008 x86 (KB4012598) (Direct Download)
- Security Update for Windows Server 2008 x64 (KB4012598) (Direct Download)
- Security Update for Windows Server 2003 x86 (KB4012216) (Direct Download)
- Security Update for Windows Server 2003 x64 (KB4012216) (Direct Download)
Wannacry Security Update for other languages:
- Windows Server 2003 SP2 x64,
- Windows Server 2003 SP2 x86,
- Windows XP SP2 x64,
- Windows XP SP3 x86,
- Windows 8 x86,
- Windows 8 x64
3. Always keep Windows updated with the latest updates.
- May 2017 Cumulative Update for Windows 10
- May 2017 Security Monthly Quality Rollup for Windows 8.1 & Server 2012 R2 (KB4019215)
- May 2017 Security Monthly Quality Rollup for Windows 7 & Server 2008 R2 (KB4019264)
4. Do not click suspicious links on emails.
5. Do not visit unsafe web pages and never click to links that looks harmful.
6. Be suspicious when prompted, from an unknown source or person, to visit a unreliable site, in order to gain a present or to read something that's important to you.
7. Never open attachments from unsolicited emails with tricky text messages which prompt you to open the included attachment, in order to see the important details that the document contains.
8. Be suspicious for fake email messages that look legitimate, like fake messages from banks, online stores, online money services, etc..
9. Always keep your antivirus program updated.
10. Use an anti-ransomware software to protect your system for this type of viruses. For this task your can use the Malwarebytes 3.0 Premium security program that combines anti-malware and antivirus protection.
That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.