WannaCry (.wcry) is the virus of the year. What is it and how to remove it

WannaCry Decryptor (or WinCry, WannaCry, .wcry, WCrypt, WNCRY, WanaCrypt0r 2.0) is already being called the “virus of 2017”, and not without reason. In just the first 24 hours after it began spreading, this ransomware infected more than 45,000 computers. Some researchers believe that at the moment (May 15) more than a million computers and servers have already been infected. As a reminder, the virus began to spread on May 12. The first to be affected were users from Russia, Ukraine, India and Taiwan. At the moment, the virus is spreading at high speed in Europe, the USA and China.

Information was encrypted on computers and servers of government agencies (in particular the Russian Ministry of Internal Affairs), hospitals, transnational corporations, universities and schools.

Wana Decryptor (Wanna Cry or Wana Decrypt0r) paralyzed the work of hundreds of companies and government agencies around the world

Essentially, WinCry (WannaCry) is an exploit of the EternalBlue family, which uses a rather old vulnerability in the Windows operating system (Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10) and silently loads itself into the system. Then, using algorithms that resist decryption, it encrypts user data (documents, photos, videos, spreadsheets, databases) and demands a ransom for decrypting it. The scheme is not new, and we constantly write about new types of file encryptors, but the distribution method is new. That is what led to an epidemic.

Symptoms:

After successful installation on the user's PC, WannaCry tries to spread across the local network to other PCs like a worm. Encrypted files receive the extension .WCRY and become completely unreadable; it is not possible to decrypt them yourself. After full encryption, Wcry changes the desktop wallpaper and leaves “instructions” for decrypting files in the folders that contain encrypted data.

At first, the hackers extorted $300 for decryption keys, but then raised this figure to $600.
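The symptoms above can be turned into a read-only triage pass over a disk or a mounted copy of it. The script below is an added example, not part of the original article: it counts files carrying the .WCRY extension per folder and per original file type, and lists originals that still sit beside their encrypted copy. It assumes the encrypted copy is named `<original name>.WCRY`; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension named in the Symptoms section; compared case-insensitively.
ENCRYPTED_EXT = ".wcry"


def triage(root):
    """Summarise encrypted files under root without modifying anything."""
    by_dir, by_type, survivors = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            original, ext = os.path.splitext(name)
            if ext.lower() != ENCRYPTED_EXT:
                continue
            by_dir[Path(dirpath).relative_to(root).as_posix()] += 1
            # Assumption: the encrypted copy is named <original name>.WCRY.
            by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            # An original still sitting beside its encrypted copy has not
            # been erased yet: copy it to clean media first.
            if original.lower() in present:
                rel = Path(dirpath, original).relative_to(root)
                survivors.append(rel.as_posix())
    return {"total": sum(by_dir.values()), "by_dir": dict(by_dir),
            "by_type": dict(by_type), "survivors": sorted(survivors)}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    for rel in ("docs/report.docx.WCRY", "docs/budget.xlsx.wcry",
                "docs/budget.xlsx", "photos/cat.jpg.WCRY", "photos/dog.jpg"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for key, value in triage(tmp).items():
            print(f"{key}: {value}")
```

Run it against the affected volume mounted read-only where possible; the per-folder counts show how far encryption progressed and which backups need to be restored.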

How to prevent your PC from being infected by the WannaCry Decryptor ransomware?

Download the operating system update from the Microsoft website.

What to do if your PC is infected?

Use the instructions below to try to recover at least some of the information on the infected PC. Update your antivirus and install the operating system patch. A decryptor for this virus does not yet exist. We strongly recommend against paying a ransom to the attackers: there is not the slightest guarantee that they will decrypt your data after receiving it.

Remove WannaCry ransomware using an automatic cleaner

This is an extremely effective method of dealing with malware in general and ransomware in particular. The use of a proven security suite guarantees thorough detection of any viral components and their complete removal with one click. Please note that we are talking about two different processes: removing the infection and restoring files on your PC. However, the threat certainly needs to be removed, since there are reports that other Trojans are introduced through it.

  1. After starting the software, click the Start Computer Scan button.
  2. The installed software will provide a report on the threats detected during scanning. To remove all detected threats, select the Fix Threats option. The malware in question will be completely removed.

Restore access to encrypted files

As noted, the no_more_ransom ransomware locks files using a strong encryption algorithm, so that encrypted data cannot be restored with a wave of a magic wand - short of paying an unheard-of ransom amount. But some methods can really be a lifesaver that will help you recover important data. Below you can familiarize yourself with them.

Automatic file recovery program (decryptor)

One very unusual circumstance is known: this infection erases the original, unencrypted files, and the encryption itself is applied to copies of them. This makes it possible for software that recovers erased objects to restore them, even if the reliability of their removal is guaranteed. It is highly recommended to resort to the file recovery procedure; its effectiveness is beyond doubt.

Shadow copies of volumes

The approach is based on the Windows file backup process, which is repeated at each recovery point. An important condition for this method to work: the “System Restore” function must be activated before the infection. However, any changes to the file made after the restore point will not appear in the restored version of the file.

Backup

This is the best among all non-ransom methods. If the procedure for backing up data to an external server was used before the ransomware attack on your computer, to restore encrypted files you simply need to enter the appropriate interface, select the necessary files and launch the data recovery mechanism from the backup. Before performing the operation, you must make sure that the ransomware is completely removed.

Check for possible residual components of the WannaCry ransomware

Manual cleaning risks missing individual pieces of ransomware that could escape removal as hidden operating system objects or registry items. To eliminate the risk of partial retention of individual malicious elements, scan your computer using a reliable security software package that specializes in malicious software.



 

