How To Fix WannaCrypt Ransomware Backdoor on Windows 7, XP, 8

samson

On Friday, as many as 74 countries have been hit by a huge, fast-moving and global ransomware attack, infecting more than a dozen hospitals in the UK, businesses including FedEx, universities, Spain’s largest telecom company, and more organizations. So far, in past 24 hours, this ransomware has infected nearly 114,000 computers worldwide.

“In just a few hours, the ransomware targeted over 45,000 computers in 74 countries, including United States, Russia, Germany, Turkey, Italy, Philippines and Vietnam, and that the number was still growing,” Kaspersky Lab, a Russian-based cybersecurity company, said on Friday.

The attack by the ransomware, dubbed WannaCry, is spread by taking advantage of a Windows vulnerability that Microsoft (MSFT, Tech30) released a security patch for in March.

The ransomware code is named WanaCrypt and has been in use by criminals since at least February. However, a new variant dubbed WannaCry was created that makes use of a vulnerability in the Windows operating system that was patched by Microsoft on March 14. Computers that have not installed the patch are potentially vulnerable to the malicious code, according to a Kaspersky Lab blog post on Friday.

Once infected, WannaCry makes users’ computers useless unless a payment is made to those who hacked their system. It locks files on the computers and requires victims to pay $300 per computer, that is to be paid in Bitcoin, an untraceable digital currency, in order to regain control of them.

Infected computers showed a screen giving the user 3 days to pay the ransom. After that, the price would be doubled. And after seven days, the files would be deleted, it threatened.

Cybersecurity firm Avast said it had identified more than 75,000 ransomware attacks in 99 countries, making it one of the broadest and most damaging cyberattacks in history.

How To Fix WannaCrypt Ransomware?

I) Reveal Hidden files and folders

  • Press CTRL+SHIFT+ESC and go to the ‘Processes Tab.’

  • Carefully look through the list of Processes and try to determine which processes are dangerous.
  • Right click on each of them and select ‘Open File Location.’ Then scan the files.
  • After you open their folder, end the processes that are infected, then delete their folders.
  • If you suspicious about any file/folder – delete it, even if the scanner doesn’t flag it. Note that no anti-virus program can detect all infections.

NOTE: Removing Wannacrypt manually may take hours and damage your system in the process. If you want a fast safe solution, we recommend SpyHunter.

II) Remove the Suspicious IPs

  • Hold the Start Key and R, then copy paste the following and click OK.

notepad %windir%/system32/Drivers/etc/hosts

  • A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom.
  • Type msconfig in the search field and hit enter. A window will pop-up:
  • Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

NOTE: Ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.

III) Boot your PC into Safe Mode.

How to Recover Wannacrypt Files?

  • Type Regedit in the windows’ search field and press Enter.
  • Once inside, press CTRL+F and type the virus’s Name.
  • Search for the ransomware in your registries and delete the entries.
  • Be extremely careful – you can damage your system if you delete entries not related to the ransomware.
  • Type each of the following, in the Windows Search Field:
  • %AppData%
  • %LocalAppData%
  • %ProgramData%
  • %WinDir%
  • %Temp%

Delete everything in Temp. The rest just check out for anything recently added.
NOTE: You can possibly recover Wannacrypt files by downloading ‘Data Recovery Pro.’

How To Get Unattacked By Ransomware

  • Be cautious every time you go on the Internet. Keep away from websites that appear shady and obscure.
  • Don’t download/install malicious applications. Avoid clicking on anything that does not look safe (ads, banners, online offers or browser warnings) on the internet.
  • Avoid opening unknown emails or replying to any messages from an unknown sender that are sent to any of your social network accounts. Junk mail is one of the most commonly used techniques for Ransomware distribution.
  • Install Antivirus and update it.
  • Though antivirus programs might have a hard time stopping Ransomware, it is still important that you have a high-quality security tool on your PC, since it will provide greater protection against Trojans which are sometimes used to infect PCs with Ransomware.
  • Lastly, do not forget to back-up your valuable and important files that are stored on your PC hard-drive.

STAY SAFE!

Comments

comments