Tutorial: How to Prevent WannaCry Ransomware ? [All Possible Methods]
How to Prevent WannaCry Ransomware ? [All Possible Methods] #1
This might be old, but it is always good to share with a friend who has no knowledge of removing ransomware, spreading protection across the community and ensuring everyone is protected from malicious entities.

WannaCry

WannaCry, also known as Wanna Decryptor or WCry, is the fastest emerging ransomware. Here we present all possible ways to prevent it.

WannaCry, widely reported as the most significant ransomware attack to date, was first detected on Friday in Britain, crippling hospitals and doctors’ offices and even causing some patients to be refused treatment. It also created significant disruptions in Ukraine, India, Taiwan, France and Germany.

How to Prevent ?

A. Disable Server Message Block (SMB)

It is widely accepted that these ransomwares attack open SMB ports. Disable SMB by following these steps:

1. Run Windows Features (found in Uninstall Programs or search)
2. Untick SMB 1.0 / CIFS File Sharing Support
3. Restart your PC

B. Install Security Update by Microsoft

Microsoft has officially released a security update with definitions that identify vulnerable ransomware.

1. Go to this page: Click Here
2. Choose your operating system and download the update
3. Install it normally and restart your PC

C. Update Windows Defender

Microsoft has also launched new definitions for Windows Defender. You may update it as follows:

1. Run Windows Defender
2. Go to Update Tab and click on Update button

D. Monitor your surfing and downloads

In such a scenario, your browsing activities might get you into trouble. Follow these steps:

1. Visit sites that are protected by Secure Sockets Layer (SSL), which means the sites with https
2. Do not download ANYTHING from non-trusted sites

E. Backup Data

Yes, it is the right time to back up your important data, as the above instructions are to prevent ransomware, not to stop it.

1. Buy an external Hard Disk Drive
2. Back up important data or upload it to Google Drive

Direct Download Link

Security Update By Windows
Microsoft's Guide to prevent
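Section A of the post above, scripted: an added example (not part of the original post) that audits SMBv1 and, with `-Disable`, turns it off from an elevated PowerShell session. It assumes Windows 8.1 / Windows 10 or later; the function name `Get-Smb1State` and the `-Disable` switch are names chosen here.

```powershell
# Added example, not from the original post.
# Run elevated. Without -Disable the script only reports the current state.
param([switch]$Disable)

function Get-Smb1State {
    # The optional feature is what the "Windows Features" dialog toggles.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    # The SMB server has its own per-protocol switch.
    $server  = Get-SmbServerConfiguration
    # Is anything accepting inbound SMB connections at all?
    $listen  = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FeatureState   = $feature.State
        ServerSmb1     = $server.EnableSMB1Protocol
        ListeningOn445 = [bool]$listen
    }
}

$before = Get-Smb1State
$before | Format-List

if ($Disable) {
    if ($before.ServerSmb1) {
        # Stops the server from negotiating SMBv1 immediately, no reboot needed.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($before.FeatureState -eq 'Enabled') {
        # Equivalent to unticking "SMB 1.0 / CIFS File Sharing Support".
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Warning 'SMB1Protocol disabled; restart the PC to finish (step 3).'
    }
    # After the change, expect ServerSmb1 = False and FeatureState = DisablePending.
    Get-Smb1State | Format-List
}
```

`ListeningOn445` normally stays `True` after SMBv1 is disabled, because SMBv2 and SMBv3 use the same port; the check is there to show that the port itself is still exposed.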

RE: How to Prevent WannaCry Ransomware ? [All Possible Methods] #2
(12-12-2017, 08:19 AM)PythonRaze Wrote: 1. Visit sites that are protected by Secure Sockets Layer (SSL), which means the sites with https
2. Do not download ANYTHING from non-trusted sites

I strongly advise having dedicated systems, one for sensitive account logins (and nothing more) and the other being a test system solely for experimental purposes when navigating around the net. If the latter is compromised, you have nothing to lose other than an hour or so hitting a clean installation of the OS.

VMs are fine, but if you're running a bridged connection (Guest to Host), there's always a risk of infection on the physical machine.

(12-12-2017, 08:19 AM)PythonRaze Wrote: E. Backup Data
Yes, it is the right time to back up your important data, as the above instructions are to prevent ransomware, not to stop it.

1. Buy an external Hard Disk Drive
2. Back up important data or upload it to Google Drive

I'm glad you've mentioned the importance of data backup.

In terms of performing backups, I've always gone by my motto of "Today is never too early, and tomorrow is always too late".

RE: How to Prevent WannaCry Ransomware ? [All Possible Methods] #3
I've reverse engineered the WannaCry ransomware myself and there are a couple of "unofficial" ways to stop it from encrypting your files.

1. Relocate all your files into directories such as the Windows or Program Files directory. WannaCry skips these directories when iterating through the file system, probably for optimisation?
2. Hook the mutex creation of the value(s) that it uses. WannaCry will check the existence of a mutex to test whether it should start the actual ransomware executable for encryption. This is probably something an anti-virus c/would do. Of course this could change and is more of a vaccine for existing strains.

It might be interesting to note these methods because it could be common behaviour that spans across generic ransomware. Unfortunately, ones like Petya still target the boot loader so no matter what you do, you'll still lose access to your files. Perhaps it's also a viable option to run the entire computer under a sandbox so that any changes made to the computer will be reset each reboot, something that would be used in a school environment. One that I've encountered is called "Deep Freeze" but it should be noted that there exist methods which could persist files to survive resets such as special directories and, of course, exploits (probably very unlikely for generic "shotgun"-approach malware; more for a targeted attack scenario).
(This post was last modified: 12-12-2017, 11:22 AM by reGEN.)

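The mutex "vaccine" idea from the post above, as an added example that is not part of the original post: a script that pre-creates named mutexes and reports any that already existed on the host. The post does not give the mutex values, so `$MarkerNames` holds a placeholder to be filled from a trusted analysis; the parameter and variable names are chosen here.

```powershell
# Added example, not from the original post.
# Run elevated: creating objects in the Global\ namespace needs that privilege.
param(
    # PLACEHOLDER: the post does not list the mutex value(s).
    [string[]]$MarkerNames = @('<MUTEX-NAME-FROM-TRUSTED-ANALYSIS>')
)

$held = foreach ($name in $MarkerNames) {
    $createdNew = $false
    # Global\ makes the object visible to every session, not only this logon.
    $mutex = [System.Threading.Mutex]::new($false, "Global\$name", [ref]$createdNew)
    if (-not $createdNew) {
        # Another process already owns this name: investigate this host.
        Write-Warning "Mutex '$name' existed before this script ran."
    }
    [pscustomobject]@{ Name = $name; CreatedHere = $createdNew; Handle = $mutex }
}

$held | Select-Object Name, CreatedHere | Format-Table

# A named mutex exists only while some process keeps a handle open,
# so the script has to stay running for the marker to remain in place.
try {
    Read-Host 'Holding mutexes; press Enter to release' | Out-Null
}
finally {
    $held | ForEach-Object { $_.Handle.Dispose() }
}
```

As the post says, this only covers strains that use the same value(s), so it complements the patch and the SMB change rather than replacing them.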

RE: How to Prevent WannaCry Ransomware ? [All Possible Methods] #4
(12-12-2017, 11:20 AM)reGEN Wrote: Perhaps it's also a viable option to run the entire computer under a sandbox so that any changes made to the computer will be reset each reboot, something that would be used in a school environment. One that I've encountered is called "Deep Freeze"

In my experience, Deep Freeze works very well in rolling back to its previous state after reboots.

As you mentioned (and as I've also experienced only a couple of times), it's not 100% fail-safe, but certainly worthy of installing.