What is WannaCry Ransomware? WannaCry Ransomware is a computer infection used by cyber criminals to encrypt your files making them inaccessible to you. It is also known as WannaCryptor, WNCRY, or Wana Decryptor. You are then demanded to pay the ransom money which usually amount to $500 and up using Bitcoins cryptocurrency in order to open your files again using the decryption key that the cyber criminals created.
The WannaCry Ransomware began its attack on the 12th of May, 2017 and has infected 230,000 users all over 150 countries and has affected a couple of big companies. This ransomware multiplies using EternalBlue which is takes advantage of the Windows’ Server Message Block or SMB protocol. EternalBlue was released by a group of cyber criminals called the shadow brokers. This network infection vector is then used to exploit Microsoft’s implementation of the SMB protocol which installs the DoublePulsar that is a backdoor implant which transfers and runs the WannaCry ransomware package. A security expert managed to stop or tone down the attack using a kill switch but the WannaCry ransomware still managed to cause havoc.
Once your computer is infiltrated by the WannaCry Ransomware, it displays a window which contains the following message illustrated below.
If you are infected by this ransomware, make it your first and top priority to remove it. Because even if you don’t pay the ransom, the WannaCry ransomware will continue to encrypt files on your computer until everything’s encrypted. Thus, this ransomware really justifies its name for it will really make you “WannaCry” after you lose access to all your files. Calm down though, for this article will guide you on how to remove this abrasive ransomware. All you have to do is follow the steps below:
Step 1. Reboot your computer into Safe Mode.
Windows XP/Windows Vista/Windows 7
1. Restart your computer.
2. Press the F8 key for a couple of times to open the Boot menu.
3. Navigate to Safe Mode using arrow keys, and then press Enter.
Windows 8/Windows 8.1
1. On the Metro User Interface screen press the Power icon.
2. Tap and hold the Shift key and click on Restart.
3. Select Advanced options from the Troubleshooting menu.
4. Navigate to Startup Settings and press Restart.
5. Press the F4 key to reboot in Safe Mode.
Step 2. Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for the any suspicious processes that can be related to the WannaCry Ransomware.
Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 3. Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Locate any suspicious program and then Uninstall. Then click the Windows button and type msconfig in the search box and hit Enter to Open System Configuration. Go to Startup and unmark items with an unknown manufacturer.
Step 4: Press the Start key + R and type the following:
Notepad %windir%/system32/Drivers/etc/hosts
This file will open which will determine if you are hacked through a bunch of IP addresses at the bottom:
Open the start menu by clicking the Windows button and search for Network Connections using the search box and hit Enter.
- Right-click on your Network Adapter, go to Properties, Internet Protocol Version 4 (ICP/IP), then click Properties.
- The DNS line will be set to Obtain DNS server automatically.
- Select Advanced on the DNS tab, and if there is anything there, remove it and click OK.
Step 5. Delete everything under these directories:
-
%USERPROFILE%\Downloads
-
%USERPROFILE%\Desktop
-
%TEMP%
Step 6. Go to the Registry Editor by pressing Start key + R and typing in Regedit in the dialog box. (Take note that modifying your Registry can affect your computer, be sure to create backups of entries you wish to modify or delete.)
Step 7. In the Registry Editor, press Ctrl + F to find WannaCry ransomware and other related files.
Step 8. Right-click on any entries related to the WannaCry ransomware and delete them.
Step 9. Open you File Explorer by pressing Win + E.
Step 10. Look for any malicious executable files you have saved or downloaded and ran prior to the attack and delete them.
Step 11. Go to your Recycle Bin and erase everything.
Step 12. Reboot your computer in Normal Mode.
Step 13. Scan your computer using SpyRemover Pro to check if the threat is gone.
As for decrypting your files, you can try using the Previous Versions feature in Windows. Keep in mind that this method is only effective if the System Restore function was enabled in your computer’s operating system and that using this method of file recovery may not work for everyone because some variants of the WannaCry Ransomware removes the shadow volume copies of the files. Nevertheless, it is still very much worth the try one of the best, safe and free decrypt methods available.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.
