Why Some Computers Escaped from Ransomware WannaCry?

Posted by @Helen

September 5, 2017

While ransomware WannaCry has infected thousands of computers all over the world, some machines are still work properly. This will thanks to their safety consciousness and also their luck.

Information about WannaCry?

WannaCry, also known as WannaCrypt, WannaCryptor, Wanna Decryptor or WNCRY, is a kind of ransomware recently released by a group of hackers (Lazarus Group in suspicious) used to blackmail Windows computer users by encrypt their personal files. Those hijackers upgrade the hacker attacking virus – EternalBlue former leaked from American National Security Agency (NSA) by another group of hackers named Shadow Brokers, and make it WannaCry of ransomware. WannaCrypt exploit the Windows vulnerability naming MS17-010 and attack port 445. Thus, a great many (over 230,000 on 18th) machines over 150 countries or regions (mostly in Russia, Ukraine, India and Taiwan) have been defeated under the army of this evil action. Yet, there are still many computers which escaped from WannaCry and workly properly. Why they can survive the strong wave?

WannaCry

Why Some Computers Escaped from Ransomware WannaCry?

To figure out this question, we should firstly make it clear that how WannaCryptor works or just know something about it.

Through the research of our developer team, some conclusions are made:

1. Wanna Decryptor mainly infect documents, pictures, videos, etc. personal user data, make a copy of them and encrypt the copy. Then, it deletes the original files. Thus, once infected, users can first try to recover data by traditional data recovery software.

2. WNCRY does not encrypt data in Disk C root folders, such as Windows files and program files. Therefore, data saved in those folders won’t get loss.

3. At present, there is no killer to WannaCry. So, all we need to do is prevention. Block port 445, install Microsoft patches or update to Windows 10, step away from unsecure websites / fishing email, backup data, etc.

According to these results, we can infer that why some computers escaped from ransomware. They may be belong to one or more situations of the following:

  • Users keeping operating system updated. It is said that this attack only targets on Windows OSes, more narrowly, those Windows systems without installing patch for MS17-010 vulnerability. After the disclosure of EternalBlue, a hacker infiltration tool target on port 445, in August, 2016 by Shadow Brokers, Microsoft has been working on it and issue patch for fixing this vulnerability. Thus, users who have installed the patch are safe from attack by WannaCry.

  • Windows 10 users. A week after the first notice on WannaCrypt, hardly heard of Windows version 10 users been affected. This probably be that there is no such vulnerability in Win10.

  • Lucky personal users. Among the victims of ransomware wannacrypt0r, mostly are public systems, organizations, companies, etc. such as state-run hospitals in UK, Deutsche Bahn in Germany and Latam arilines of South America. It seems that the target of the virus is not personal home users, but we still need to do every possible prevention. Those lucky users are in most chance have strong secure conscious and keep away from suspicious websites.

  • Users who blocked port 445 coincidentally. Due to whatever reason, those users closed the 445 port before the attack. They are really lucky boys. However, those people are in little number.

There are a kind of users need to be mentioned. Their computers surely be infected, but their data won’t get loss. Why? People with strong sense of security always have a copy or backup! For those users, they have made a backup of their crucial data before accidents happen. Actually, they backup their important files regularly using schedule backup. Then, how to backup important data?

How to Deal with Encrypted Files or Unencrypted Data?

Whether your files are encrypted or not, create a backup of them both help. If you are unlucky and get infected, backup the locked files out to external device or cloud drives for future decryption. Get out of the infected computer, get out of the time limitation. If you are lucky and have not been attacked yet, do not get relaxed until you have a double insurance – a backup of crucial files.

How to backup crucial data? First and foremost, find a reliable backup software like AOMEI Backupper Free (for WannaCry ransomware). Then, create backup following the guides. Finally, make sure the backup is made, disconnect the external device and keep it in a safe condition. You can also backup to cloud drives since WannaCrypt can’t attack data on cloud services.

Backup Data for Ransomware WannaCry

Forecast for the Future

Fight WannaCryptor is a battle against the evils. We should never get relaxed even when WannaDecryptor be defeated in the future. There will be other kinds of cyber viruses in the future even we do not know when it will come into being. Back to present, with improvement are making to fight against ransomware, WannaCry will probably derive out a more lethal variant. We must prepare ourselves to any possibility. Anyhow, have a backup of our data is the strongest defence.