How to protect yourself from the Wanna Cry virus. It's not Microsoft's fault. WannaCry - woe to Microsoft or an accidental PR. Wanna Cry virus. Protecting your computer from ransomware

As you know, there is currently a massive attack on computers around the world. If you work on Windows, you are at potential risk. But don't panic and don't try to restart your computer! Better save important data to an external drive or to the cloud while everything is working. And go rest. If it later turns out that your computer is infected, you simply reinstall the system and restore the data from the backup.

In this post, I will collect tips from experts on how to protect yourself from the Wana Decrypt0r virus. The post will be updated.

Treatment recommendations:

- Make sure security solutions are enabled.
- Install the official patch (MS17-010) from Microsoft, which addresses the SMB server vulnerability used in this attack.
- Make sure that the System Monitoring component is enabled in Kaspersky Lab products.
- Scan the entire system. If you detect a malicious attack such as MEM:Trojan.Win64.EquationDrug.gen, reboot your system. Double-check that the MS17-010 patches are installed.

The attack came through the well-known network vulnerability described in Microsoft Security Bulletin MS17-010, after which a set of scripts was installed on the infected system and used by the attackers to launch the ransomware.

“All Kaspersky Lab solutions detect this rootkit as MEM:Trojan.Win64.EquationDrug.gen. Kaspersky Lab solutions also detect ransomware that was used in this attack with the following verdicts: Trojan-Ransom.Win32.Scatter.uf; Trojan-Ransom.Win32.Fury.fr; PDM:Trojan.Win32.Generic (the System Monitoring component must be enabled to detect this malware),” noted a company representative.

According to him, to reduce the risk of infection, companies are recommended to install a special patch from Microsoft, make sure that security solutions are enabled on all network nodes, and also run a scan of critical areas in the security solution.

“After detecting MEM:Trojan.Win64.EquationDrug.gen, you must reboot the system; in the future, to prevent such incidents, use threat reporting services in order to promptly receive data on the most dangerous targeted attacks and possible infections,” the Kaspersky Lab representative emphasized.

Today our experts have added detection and protection against a new malware known as Ransom:Win32.WannaCrypt. In March, we also introduced additional protection against this type of malware with a security update that prevents malware from spreading across the network. Users of our free antivirus and updated version of Windows are protected. We are working with users to provide additional assistance.

This is an encryption virus. Such viruses are quite popular, and this is not the first time that hackers have resorted to them. Using cryptography, the virus encrypts files on the infected computer. On each device, it uses a unique secret key that it generates itself. In other words, even if you decrypt the files on one computer, you will have to decrypt them all over again on another.

How to deal with this?

1. Make backups. If you have a backup copy, you are not afraid of this virus, even if it got to you.
2. Always stay up to date with information security news. Information blogs such as Security Lab, Dark Reading, and others should be followed.
3. This virus exploits specific vulnerabilities that are now described on the Internet; you need to check your networks for the presence of these vulnerabilities. Don't open files from people you don't know. Ransomware e-mails are mostly sent under the guise of letters from accounting departments or of unpaid fines from the traffic police.

The Wanna Cry virus appeared on May 12, 2017. Other names for this virus: WCry or WanaCrypt0r 2.0.

To date, rough estimates indicate that the virus has infected 135 thousand Windows computers and laptops in approximately 100 countries around the world.

The virus blocks the computer. At the same time, it displays a picture like this on the screen:

The virus affects Windows computers. Microsoft took care of its users and released updates for all versions of Windows. These updates close the OS vulnerability, which allows you to avoid infection with today's version of the Wanna Cry virus. We must give Microsoft credit. It even released an update for Windows XP, which is almost 17 years old and has not been supported since 2014.


How to protect yourself from the virus?


First of all:

In order for your Windows to be as protected as possible from virus attacks, it is necessary to keep its updates up to date. For this:

  1. On Windows 7, go to Control Panel > System and Security > Windows Update.
    There you will see whether Windows automatic updates are enabled and whether there are any important updates available at the moment.
  2. On Windows 10, go to Settings > Update & Security.
  3. On Windows 8.1, go to Control Panel > System and Security > Windows Update.


By enabling automatic updates, you have successfully completed the first step in protecting yourself from ransomware viruses.

Below are instructions for installing an update that blocks the Wcry virus from penetrating older versions of Windows.

How to install an update on outdated versions of Windows 7, 8.1, XP, Vista.


Let me remind you that x86 in a Windows name means the 32-bit version, and x64, accordingly, the 64-bit version.

Windows 10 x64: does not require updates,

Windows 10 (1511) x86: does not require updates,

Windows 10 (1511) x64: does not require updates,

Windows 10 (1607) x86: does not require updates,

Windows 10 (1607) x64: does not require updates,

You must understand that the virus will evolve and change. Therefore, additional steps will be required to protect against it.


Important!

  1. With Windows 10 the situation has cleared up a little. Everyone who tried to install updates on Windows 10 was unable to do so.
    Microsoft is monitoring the ransomware virus issue. They claim that Windows 10 is not susceptible to infection by this virus, provided that automatic updates are enabled and install successfully. Therefore, it is enough for Windows 10 owners to make sure of this, and there is no need to download and try to install the updates, links to which are provided below.
    Anyone interested can read the Microsoft support blog, in clear English :)
  2. Regarding the so-called “pirates”. That is, Windows installed unofficially, activated by all sorts of tricky keys, activators, etc., etc.
    I independently installed updates on several computers and laptops with this Windows. In addition, many of my subscribers have pirates installed. I only encountered an installation problem once. And even then, it turned out that the update was already installed there. Therefore, in my opinion, it is impossible to say that this update “inhibits Windows activation.”
  3. And most importantly! All information presented in this article and on my blog is for informational purposes only. Everything you do on your PCs and laptops (if any) will be done on your own initiative.
    You alone bear full responsibility for your actions and the results of these actions.
    If you are not confident in your abilities, it is better to contact specialists.

Errors that occur when trying to install updates.

  1. Windows 7 x64. Error 0x80240037. This is most likely due to an artificial limitation Microsoft introduced in January 2016 for Windows 7 and Windows 8.1. The gist in a nutshell is this. Microsoft wants users to install only Windows 10 on modern hardware (the latest processors and motherboards). It is tired of supporting outdated versions of Windows and does not allow a number of updates to be installed on PCs and laptops with modern hardware.
    Obviously, the computers of those who have this error fall into the category of “modern”. You can read more.
  2. Windows 7 x64. Error 0x80070422. Microsoft has a whole wall of text on how to fix this error.
    Since this update is related to the operation of ports, it is quite possible that this error is related to the activation of the Firewall.
    Whether to do everything that is written there is up to you to decide. Of course, Microsoft will not give you any guarantee that after this “everything will work.”

Do antiviruses help fight the Wanna Cry ransomware virus?

The Avast antivirus blog puts it this way: Avast detects all known versions of WannaCry.

There are different ways to view this statement. But if you have Avast antivirus installed, then it will not be difficult for you to update its database and completely scan your computer [laptop].

If you don't have an antivirus, download it for free and check your PC and laptop.

I have detailed video instructions on how to download and install Avast.

Is there a concrete guarantee against the virus?

Many people ask: If I install and enable automatic updates, scan my computer with an antivirus, basically do everything - will this be a 100% guarantee against this virus?

Of course not. In real life, there is no universal cure for all diseases. It doesn’t exist in virtual, computer life either.

Firstly, all the measures listed above will only help, with a high degree of probability, to keep the Wanna Cry ransomware virus from getting onto your computer or laptop on its own.

But a virus may be sent to you by email as an attachment. If you run it yourself, it will most likely infect your computer. In the same way, you can click on some suspicious advertising banner and you will also download and launch a virus.

In the end, the developers of the virus modify it. And the old remedies no longer help.

Should we despair? Of course not! You've taken precautions and enabled automatic updates on your computer or laptop, and you regularly update your antivirus program and scan your PC with it?

Great! Continue to live your normal active computer life. Just be a little more attentive and careful, especially on porn sites... Just kidding! 🙂

Everything will be fine!

When creating this article, information was used from the site https://geektimes.ru/


Wanna Cry ransomware virus: how to protect yourself. Simple instructions.: 26 comments

    Version 10.0.10586
    System folder at 32,
    But I can’t find the corresponding link, it probably doesn’t exist for my system!?
    The video lesson is clear, it’s just a pity that I can’t use your recommendations.

  1. Hello, Evgeniy. I installed the update and restarted the computer. And the command line responds that it cannot open list and gfe. How to understand this? Install again?

    Eugene! It is me again. Now I tried again. The correct answer came, UV. Thank you very much for helping us. Promptly inform and teach how to defend yourself. Tatiana.

  2. Alexander

    Thanks for the help!

  3. Hello, Evgeniy. I watched your video, it’s very informative, but it didn’t work out for me. I did everything as you show. The screen displays “The update is not acceptable for this computer.”

  4. Frolov Alexey

    Hello, Evgeniy. I watched your video, I seemed to do everything correctly, but the update is not installed. I have Windows7x64. The Offline Update Installer - Search for updates on this computer window appears.

  5. Salnikova Tatyana

May 2017 will go down in the annals of history as a dark day for the information security service. On this day, the world learned that a secure virtual world can be fragile and vulnerable. A ransomware virus called Wanna decryptor or wannacry has captured more than 150 thousand computers around the world. Cases of infection have been recorded in more than a hundred countries. Of course, the global infection has been stopped, but the damage is in the millions. Waves of ransomware are still affecting some individual machines, but the plague has so far been contained and stopped.

WannaCry – what is it and how to protect yourself from it

Wanna decryptor belongs to a group of viruses that encrypt data on a computer and extort money from the owner. Typically, the ransom for your data ranges from $300 to $600. Within a day, the virus managed to infect a municipal network of hospitals in the UK, a large television network in Europe, and even some of the computers of the Russian Ministry of Internal Affairs. It was stopped thanks to a happy coincidence: someone registered a verification domain that the virus's creators had built into its code to stop the spread manually.

A virus infects a computer in the same way as in most other cases. E-mail, social network profiles and ordinary web surfing all give the virus an opportunity to penetrate your system and encrypt all your data, but it can also get in without any explicit action on your part, through a system vulnerability and an open port.

WannaCry penetrates through port 445, using a vulnerability in the Windows operating system that was recently closed by released updates. So if this port is closed on your machine, or you recently updated Windows from the official site, then you don’t have to worry about infection.
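As an added example (not part of the original article): a Python check, run on output you collect with `netstat -ano` on the Windows machine, that reports whether anything is listening on TCP 445. The sample output and the function names are constructed for illustration.

```python
"""Added example: report TCP 445 (SMB) listeners found in netstat output."""
import ipaddress
import re

SMB_PORT = 445  # the port the article says WannaCry comes in through

# Constructed sample in the layout of Windows `netstat -ano` (not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Proto, local address:port, foreign address, state, optional PID column.
_TCP_ROW = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+([A-Z_]+)(?:\s+\d+)?\s*$", re.IGNORECASE
)


def smb_listeners(netstat_text, port=SMB_PORT):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        match = _TCP_ROW.match(line)
        if not match:
            continue  # headers, UDP rows, blank lines
        address, local_port, state = match.groups()
        if int(local_port) == port and state.upper() == "LISTENING":
            found.append(address.strip("[]"))
    return found


def reachable_from_network(addresses):
    """True if any listener is bound to something other than loopback."""
    for address in addresses:
        ip = ipaddress.ip_address(address.split("%")[0])  # drop IPv6 zone id
        if not ip.is_loopback:
            return True
    return False


def audit(netstat_text):
    """Summarise the exposure as a dict a script or report can consume."""
    listeners = smb_listeners(netstat_text)
    return {
        "listeners": listeners,
        "exposed": reachable_from_network(listeners),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_NETSTAT)
    print("TCP 445 listeners:", result["listeners"] or "none")
    print("Reachable from the network:", result["exposed"])
```

A listener on 0.0.0.0 or a LAN address only shows that the SMB service is bound; whether a firewall rule blocks the port from other machines has to be checked separately.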

The virus works according to the following scheme - instead of data in your files, you receive incomprehensible squiggles in Martian language, but to get a normal computer again, you will have to pay the attackers. Those who unleashed this plague on the computers of ordinary people use bitcoins to pay, so it will not be possible to identify the owners of the evil Trojan. If you do not pay within 24 hours, the ransom amount increases.

The new version of the Trojan translates as “I want to cry” and the loss of data may bring some users to tears. So it is better to take preventative measures and prevent infection.

The ransomware exploits a vulnerability in Windows that Microsoft has already fixed. You just need to update your operating system with the security update from bulletin MS17-010, dated March 14, 2017.

By the way, only those users who have a licensed operating system can update. If you are not one of those people, then simply download the update package and install it manually. You just need to download from trusted resources so as not to catch an infection instead of prevention.

Of course, protection can be of the highest level, but much depends on the user himself. Remember not to open suspicious links that come to you by email or on your social profile.

How to cure Wanna decryptor virus

Those whose computers have already been infected should prepare for a long treatment process.

The virus runs on the user's computer and creates several programs. One of them begins to encrypt data, the other provides communication with the extortionists. A message appears on your screen, explaining that you have become a victim of a virus and offering to quickly transfer money. At the same time, you cannot open a single file, and the extensions consist of incomprehensible letters.

The first action that the user tries to take is data recovery using the services built into Windows. But when you run the command, either nothing will happen or your efforts will be in vain - getting rid of Wanna Decryptor is not so easy.

Yes, this virus shouted very loudly to the whole world on May 12th. Wanna Cry turned out to be not the kind of virus that quietly and calmly spreads throughout the world from computer to computer, with which antiviruses are gradually learning to work and which over time becomes one of the figures in the table of recognized viruses.

No, everything is much more complicated here. The virus spread throughout the world in just a few hours. Russia and China suffered especially; Australia held out for some time, but it also fell into this “hole.”

Encrypted computers display statements for hundreds of dollars worth of bitcoins, with no guarantee of unlocking the files. This speed and scale is largely due to a number of factors. Now that the genie is out of the bottle, we can expect to see new variations of this ransom.

The most affected countries, according to our data, are: Russia, Ukraine, Taiwan, India, Brazil, Thailand, Romania, Philippines, Armenia and Pakistan. More than half of the attempted attacks we recorded were in Russia. Large institutions were also hit hard, especially hospitals and other public services. Many of them rely on legacy systems to operate and simply fail to update their systems.

It even came to statements by the world's leading politicians. One of the Microsoft executives also made a loud statement, directly accusing the US intelligence services of irresponsible behavior. The fact is that, it turns out, the American FBI has been researching the Windows system for all sorts of flaws and loopholes over the past few years. For its own purposes, of course. And loopholes were found - it’s not gods who work at Microsoft either, they also tend to make mistakes.

If you have not already done so, install an updated antivirus

Here are some of the steps you should take to stay safe. However, millions of users ignored these updates.

Stay on the lookout for phishing emails and links

Even goes beyond detecting normal code signatures and looks at the actual behavior of installed applications. This way, even if it doesn't know what the next variant will look like, it will know to catch it when it sees it in action.

The same thing that makes encryption such a powerful tool when it's used to protect information also makes it such a problem when it's used to heal. If you are infected, here are some recommendations.

We know it's not very sensitive when your personal photos or important work files are at stake. But there's no guarantee that your files will be decrypted or that criminals won't just run away with the money. Payment only makes these schemes more attractive. And any contact with attackers gives them a greater chance of infecting you with more malware.

Isolate the computer from the Internet as soon as possible. Stop the malware from spreading to others or getting more instructions from those who created it.

Restoring from a backup. If you follow the guidelines and save a backup on an external hard drive, you can use it to restore your data. You should be able to access the version history of your files and restore them to an earlier, unencrypted state. We are working on a decryption tool that can recover your files.

  • Don't pay the ransom.
  • Whatever happens, we do not recommend that you pay the ransom.
  • Never pay a ransom: there is no guarantee that you will get your files back.

This threat detects the following symptoms of infected systems.

The only problem is that somehow the research of US detectives suddenly became known to the entire computer world, or rather to those who found an opportunity to profit from them.

As a matter of fact, the way the Wanna Cry virus spreads is traditional:

Wannacry can also be launched through unfamiliar exe or js files; infection may also occur through a graphic file (and what could be more tempting than a sexy picture).

Protection against viruses and corporate threats. Endpoint protection with adaptive threat protection - true protection and dynamic application compression. Purpose of the rule = security. Dynamic application containment - restriction rules. Rule name: Execute any child process.

Rule name: changing user data folders. Rule name: change registration locations at startup. Rule name: Read or modify files anywhere on the network. Rule Name: Create files in any network location. Rule name: change hidden attribute bits.

There are cases where infection occurred simply because the computer was online. It does not spare cloud technologies either: their preachers have been completely put to shame, and they are not as protected as we are constantly told. In general, at the first glance at the current situation, there is an edge from which there is no way out, there is a wall in front, and nowhere to go back.

These content updates are available in current builds. Why do you call access protection rules in general? Rule names do not affect the rule itself and can be named anything you like. The threat of cyberattacks, which has kept international services busy, will “continue to grow” as people return to work on Monday, Europol's boss has warned.

Rob Wainwright, director of Europol, said the attack would hit both the private and public sectors.

He said: “We are facing an increasing threat at the moment. The numbers are rising, and I am concerned about how they will continue to rise as people get to work and turn on their machines on Monday morning.”

At first, it seemed that only the system drive “C:” was becoming the target of the virus. But as the situation developed, it turned out that the virus had spread to removable drives, which, unexpectedly, to Windows 10. There is no need to talk about flash drives, they simply “burn like candles.”

Microsoft is not to blame

Many of these will be businesses, including large corporations. The National Cyber Security Center has released its latest advisory on the virus. How can you tell if your computer is infected? A ransom message, a countdown timer and a Bitcoin wallet for depositing funds will appear on the screen.

What's the best way to protect your system? For particularly vulnerable systems, they should be closed as a final fail-safe way to stop the ransom.

How it manifests itself

WannaCry is a program called WanaCrypt0r 2.0, which exclusively attacks PCs running Windows OS. The program exploits a "hole" in the system - Microsoft Security Bulletin MS17-010, the existence of which was previously unknown.

The WannaCry virus spreads through email. After opening an attachment in a spam email, the encryptor is launched and the encrypted files are then almost impossible to recover.

3 What should you pay attention to to avoid infecting your computer with the WannaCry virus?

Pay close attention to what is sent to you by e-mail. Do not open files with these extensions: .exe, .vbs and .scr. Fraudsters can use several extensions to disguise a malicious file as a video, photo or document (for example, avi.exe or doc.scr), writes ru24.top.
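As an added example (not part of the original article): a Python filter that applies the rule above to attachment names, flagging executables and, separately, those disguised behind a second extension. The decoy list, verdict labels and sample names are assumptions made for illustration.

```python
"""Added example: flag e-mail attachment names that hide an executable."""
import re

# Extensions the article says not to open (.exe, .vbs, .scr), plus .js,
# which it also names as a way the malware gets launched.
EXECUTABLE_EXTS = {"exe", "vbs", "scr", "js"}

# Assumption: harmless-looking extensions used as the decoy half of a
# double extension, taken from the file types the article lists.
DECOY_EXTS = {
    "doc", "docx", "xls", "xlsx", "avi", "mp4", "mp3", "mov",
    "jpg", "jpeg", "png", "zip", "rar",
}


def extension_chain(filename):
    """Return the lower-cased suffixes of a name, e.g. ['doc', 'scr']."""
    # Keep the last path component, whichever separator the sender used.
    name = re.split(r"[\\/]", filename)[-1]
    # Windows ignores trailing dots and spaces in file names.
    name = name.rstrip(". ")
    parts = [part.strip().lower() for part in name.split(".")]
    return [part for part in parts[1:] if part]


def classify_attachment(filename):
    """Return 'allow', 'block-executable' or 'block-disguised'."""
    chain = extension_chain(filename)
    if not chain or chain[-1] not in EXECUTABLE_EXTS:
        return "allow"
    # The final extension decides what Windows runs; an earlier decoy
    # extension means the name was built to look like a document or video.
    if any(ext in DECOY_EXTS for ext in chain[:-1]):
        return "block-disguised"
    return "block-executable"


def triage(filenames):
    """Map each attachment name to its verdict, preserving order."""
    return {name: classify_attachment(name) for name in filenames}


# Constructed sample names, not taken from a real campaign.
SAMPLE_ATTACHMENTS = [
    "holiday.avi.exe",
    "Invoice.DOC.SCR",
    "scan.jpg .vbs. ",
    "setup.exe",
    "report.final.docx",
    "README",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:17} {name!r}")
```

Here "allow" only means the name did not trip this rule; the file content still needs an antivirus scan.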

Ilya Sachkov, CEO of the company for the prevention and investigation of cybercrimes Group-IB, advises: “In the case of WannaCry, the solution to the problem may be to block port 445 on the Firewall, through which the infection occurs.” To detect potentially malicious files, you need to enable the "Show file extensions" option in Windows settings.

4 What has Microsoft done to protect Windows from the WannaCry virus?

Microsoft has already released a patch - just run Windows Update to the latest version. It is worth noting that only users who have purchased a licensed version of Windows will be able to protect their computer and data - if they try to update a pirated version, the system will simply not pass the test. It is also necessary to remember that Windows XP is no longer updated, as, of course, are earlier versions, reports Rorki.ru.

5 The simplest ways to protect yourself from the WannaCry virus

To avoid catching the WannaCry virus on your computer, you need to follow a few simple safety rules:

  • update the system on time - all infected PCs were not updated,
  • use a licensed OS,
  • do not open suspicious emails,
  • do not click on dubious links left by untrustworthy users.

6 What should you do if you caught the WannaCry virus on your computer?

If you suspect that your computer is infected with the WannaCry virus, you must disconnect your device from the Internet or Wi-Fi - this will prevent the virus from spreading, advise Group-IB. Recommendations from experts: never pay a ransom to scammers, since there is no guarantee that the attackers will send the decryption key, advises alldaynews24.ru.

7 How to minimize the damage from possible infection with the WannaCry virus?

Kaspersky Lab suggests regularly making backup copies of files: “Keep copies on media that are not constantly connected to the computer. If there is a recent backup, then infection with an encryptor is not a tragedy, but just a loss of several hours to reinstall or clean the system.”

The WannaCry virus thundered throughout the world on May 12. On this day a number of medical institutions in the UK announced that their networks had been infected, and the Spanish telecommunications company and the Russian Ministry of Internal Affairs reported repelling a hacker attack.

WannaCry (the common people have already nicknamed it Wona's Edge) belongs to the category of ransomware viruses (cryptors), which, when it gets onto a PC, encrypts user files with a cryptographic algorithm, subsequently making it impossible to read these files.

Currently, the following popular file extensions are known to be subject to WannaCry encryption:

  1. Popular Microsoft Office files (.xlsx, .xls, .docx, .doc).
  2. Archive and media files (.mp4, .mkv, .mp3, .wav, .swf, .mpeg, .avi, .mov, .3gp, .flv, .wma, .mid, .djvu, .png, .jpg, .jpeg, .iso, .zip, .rar).

WannaCry - how the virus spreads

Earlier, we mentioned this method of spreading viruses in an article about, so that’s nothing new.

A letter with a “harmless” attachment arrives at the user’s mailbox - it could be a picture, video or song, but instead of the standard extension for these formats, the attachment will have an executable file extension, .exe. When such a file is opened and launched, the system is “infected” and, through a vulnerability, a virus is loaded directly into Windows, encrypting user data.

This may not be the only method of spreading WannaCry - you can become a victim by downloading “infected” files on social networks, torrent trackers and other sites.

WannaCry – how to protect yourself from the ransomware virus

1. Install a patch for Microsoft Windows. On May 14, Microsoft released an emergency patch for the following versions - Vista, 7, 8.1, 10, Windows Server. You can install this patch simply by running a system update through the Windows Update service.

2. Use anti-virus software with up-to-date databases. Well-known security software developers, such as Kaspersky and Dr.Web, have already released updates for their products containing information about WannaCry, thereby protecting their users.

3. Save important data to a separate medium. If your computer does not support it yet, you can save the most important files to a separate medium (flash drive, disk). With this approach, even if you become a victim, you will save the most valuable files from encryption.

At the moment, these are all known effective methods of protection against WannaCry.

WannaCry decryptor, where to download and is it possible to remove the virus?

Ransomware viruses belong to the category of the most “nasty” viruses, because in most cases user files are encrypted with a 128-bit or 256-bit key. The worst thing is that in each case the key is unique, and decrypting each one requires enormous computing power, which makes recovery almost impossible for “ordinary” users.

But what if you become a victim of WannaCry and need a decryptor?

1. Contact the Kaspersky Lab support forum - https://forum.kaspersky.com/ with a description of the problem. The forum is staffed by both company representatives and volunteers who actively help solve problems.

2. For the well-known CryptXXX encryptor, a universal solution was found for decrypting the files it had encrypted. No more than a week has passed since WannaCry was discovered, and specialists from antivirus laboratories have not yet managed to find such a solution for it.

3. The drastic solution would be to completely remove the OS from the computer, followed by a clean installation of a new one. In this situation, all user files and data are completely lost, along with the removal of WannaCry.