How to recover from a WannaCry ransomware attack

Have you been targeted by WannaCry ransomware and your files are now encrypted? You're not the only one who got infected. According to the latest news, around 70,000 users have been infected with the worst ransomware ever created, which has the ability to spread itself to other computers after it has successfully installed.

How is this ransomware spreading so fast? They have been using the latest leaked NSA exploit, which is called EternalBlue. Microsoft has already patched this bug, but people are too lazy to update Windows, which helped this become the worst and fastest-growing ransomware ever built.

The ransomware has affected big organizations, from the German train system to NHS hospitals and Telefonica.


The ransomware was quick to spread to computers and encrypt files, but white hat hackers were even quicker: they have already found a way to decrypt the files without paying a single penny.

The password to decrypt the files is “[email protected]”, and people can now happily recover their data after this massive attack without paying the hackers any ransom, and patch their systems before getting targeted by another ransomware or any other kind of virus.


How to Prevent WannaCry attacks?

1. Make sure that these ports are closed on Windows

2. Install a dedicated ransomware blocker

3. Install software updates. This case desperately calls for all Windows users to install the MS17-010 system security update. Microsoft even released it for systems that are no longer officially supported, such as Windows XP or Windows 2003. Seriously, install it right now; it’s very important.

4. Keep watching for mutations

Just because the WannaCry ransomware has stopped spreading doesn’t mean that there won’t be any more attacks. Hackers may use the WannaCry code to create a more powerful one and infect more systems.

5. Back up all your data to cloud storage so that you can recover it if you get infected with ransomware.


What if you have been infected with ransomware?

Starting Windows Safe Mode

1. The first thing you need to do is enter Safe Mode. Here is how to do that for Windows XP/7, 8/8.1, and 10.

Windows XP and 7: Before Windows starts, hit the F8 key. Once the Boot Menu appears, look for and select Safe Mode with Networking, then press Enter.

Windows 8 and 8.1: Go to the Start Menu >> Control Panel, followed by Administrative Tools >> System Configuration. Next, find and tick Safe Boot, then select Networking, followed by Restart. Your computer should now boot into Safe Mode.

Windows 10: Go to Start Menu >> Settings >> Update and Security >> Recovery. Next, under Advanced Startup, click on Restart Now and allow your computer to restart.

When the Choose an Option screen is available, go to Troubleshoot >> Advanced Options >> Startup Settings. Then enable the Safe Mode with Networking option and press Enter to boot into Safe Mode.

Removing Processes

2. The next step requires that you look for processes which may relate to the WannaCry ransomware. To do so, press Ctrl + Shift + Esc to open Task Manager, then look through the Processes tab carefully for unfamiliar entries.

Usually, a malicious process will consume large amounts of resources, such as CPU and RAM. If you discover something which looks out of the ordinary, right-click it and choose Open file location. Next, delete everything. Only do this if you are sure that the process is WannaCry related.


3. Now we’re going to look at Startup Programs. To do so, type System Configuration into the Windows search bar, select the first result, then go to the Startup tab and take a look at the list of programs.

If you are a Windows 10 user, its Startup Programs can be seen in Task Manager. However, on all versions of Windows, if you feel that any entries have an unknown developer or just look wrong, uncheck them and click OK.

The Registry

4. Next we’re going to take a look at the registry. To do that, open the Run window by pressing WinKey + R, then type regedit and hit Enter.

When the registry editor launches, press Ctrl + F and type the name of the virus, Ransom.CryptXXX or WannaCry. Now select Find Next and remove whatever is returned that relates to that name. This should be completed for all the search results.

Virus Files

5. Finally, you need to delete other potential virus files. This can be done by going to the Start Menu and individually typing the following: %AppData%, %LocalAppData%, %ProgramData%, %WinDir%, %Temp%.

When each opens, sort the folder contents by date and delete the most recent folders and files. Furthermore, when you access the Temp folder, remove everything from it.
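
Steps 3 to 5 can be partly checked from a PowerShell prompt before anything is unchecked or deleted. The script below is an added example, not part of the original guide: it lists the autostart entries in the registry, checks whether each program is signed (the "unknown developer" test from step 3) and whether it lives in one of the folders named in step 5. Assumptions: Windows PowerShell 5.1, the four Run/RunOnce keys shown (the guide names no specific keys), and the helper name Get-ExePath, which is hypothetical.

```powershell
# Added example: read-only review of autostart entries. Nothing is changed or deleted.
# Assumption: these Run/RunOnce keys are the ones to list; the guide does not name any.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders from step 5. %WinDir% is left out because many legitimate programs start from it.
$watchDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-ExePath([string]$CommandLine) {
    # Extract the program path from values like '"C:\a b\x.exe" /arg' or 'C:\x.exe -s'.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $exe = Get-ExePath $cmd
        # Signature status: 'Valid' means a trusted publisher signed the file.
        $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileNotFound' }
        $inWatchDir = [bool]($watchDirs | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $cmd
            Signature = $sig
            InStep5Folder = $inWatchDir
            # Flag for manual review; a flag is a prompt to look, not proof of infection.
            Review    = ($inWatchDir -or $sig -ne 'Valid')
        }
    }
}

$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries with Review set to True are the ones to inspect by hand in System Configuration or regedit; the script itself only reads.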