It was a hard Friday for many organizations all over the world, a new ransomware attack called ‘WannaCry’ (also known as WCry, WanaCrypt and WanaCrypt0r) is encrypting files and changing the extensions to .wnry, .wcry, .wncry and .wncrypt. that started its attack against hospitals across the UK before spreading across the globe.
The Wana Decrypt0r 2.0 ransomware is spread via spam email (using social engineering techniques) containing infected attachments or links to malicious websites.
At this time it’s not possible to recover the files encrypted by the Wana Decrypt0r 2.0 ransomware, but Microsoft has taken highly unusual move of making a security update for platforms in custom support (such as Windows XP) available to everyone
Our latesthackingnews readers should do the following:
– First of all is to keep your system and Antivirus up to date.
– Update your systems to patch the ransomware vulnerability, even if you’re using an unsupported version of Windows.
– Use a firewall and make sure to block the SMB ports (ports 137, 139, and 445 over TCP and ports 137 and 138 over UDP). The ransomware is using SMB (Server Message Block) vulnerability to infect your system.
– Disable SMB on your system by doing the following steps described by Microsoft.
– Back up always and keep a recent backup copy off-site.
– Be careful about unsolicited attachments and make sure that they come from a trusted source.
– In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or any other recovery software that use “shadow copies” of files.
Download Shadow Explorer tool and watch the following steps:
Or maybe you can try to use the “Windows System Restore”.
– WanaCry first makes a copy of the file, encrypts the copy, and then deletes the original file. So you can try to use a recovery software.
Download Recuva and watch the following steps:
Or you can use any other recovery tool.