What Can I Do While WannaCry Is Spreading out?

Posted by @Helen

September 5, 2017

While the WannaCry ransomware is spreading, users should block port 445, install the Windows MS17-010 vulnerability patch provided by Microsoft or upgrade to Windows 10, avoid opening unsecure websites, and back up crucial data.

What Is Ransomware WannaCry?

We first heard of WannaCry on May 13th. A colleague sent a piece of news about the ransomware, as a picture, to our group chat. Since we are a developer of file/folder backup software, he indicated that this was a great chance to introduce our program to computer users. On the 15th, the WannaCry ransomware became a hot topic not only in our company but all around the world. Soon, both "ransomware" and "WannaCry" became hot searches on Google. A great many websites wrote about it. Some just reported it as news, while others grabbed the opportunity to promote their products. Either way, all of them can help readers know WannaCry better, especially victims whose files or folders have been encrypted by the virus.

What is WannaCry? WannaCry, also called WannaCrypt and Wanna Decryptor, is a kind of ransomware that encrypts the files and folders on a computer, including documents, photos, videos, applications, databases and other data, and makes them inaccessible. It builds on EternalBlue, a hacker infiltration tool leaked from the USA’s National Security Agency (NSA) by a group of criminals called the Shadow Brokers. WannaCrypt exploits the Windows vulnerability known as MS17-010 and infects computers through port 445. Once a machine is infected, the virus locks all files on it without any further action by the user. The hijackers use this virus to extort money, paid in bitcoin. Victims have to pay the ransom to get their files decrypted. As the virus itself says: “You only have three days to submit the payment, after that the price will be doubled. Also, if you don’t pay in 7 days, you won’t be able to recover your files forever.” However, it also says there will be free events for users who are so poor that they couldn’t pay in 6 months.

WannaCrypt

The hackers threaten victims of the WannaCry ransomware with deleting all their files seven days after encryption if the set amount of bitcoin is not paid within the time limit. The hijackers also warn victims that they cannot recover their files with any data recovery software, or through any person other than the hijackers themselves and their decryption service. The virus also offers to decrypt some of a victim's files, to make victims believe that their files really can be decrypted after payment, which encourages them to pay.

What Is the Influence of WannaCry?

Of course, this Wanna Decryptor is hated by nearly everyone in the world. It has infected millions of computers in all fields: the computers of a UK hospital were paralyzed along with its medical system, as were telecoms operations in Spain, bank systems and traffic systems, and many college students’ theses were locked in China, etc. It is said that some victims have paid tens of thousands of dollars to the hackers, but the greater loss is caused by the damaged computer systems all around the world.

DATA LOSS is and will be the greatest effect of this ransomware. Although victims’ files are still there, without access this is equal to loss. Moreover, when the deadline arrives and no ransom has been paid, all encrypted data will be deleted. Yet even if the payment is made, no one can guarantee that the hijackers will decrypt your files. So what can we do after infection and before the deadline?

What Can I Do While WannaCry Is Spreading out?

At present, the virus is still spreading quickly, and it is said that a variant of WanaCrypt called WannaSister appeared on the 16th. Meanwhile, some progress has been made on tracing the source of the ransomware. As reported by Forbes, research by Google, the security center of Kaspersky and many other institutes found that some of WannaCry's code is 100% the same as that of a malicious program named Contopee, which was developed by a mysterious hacker organization, the Lazarus Group. And, according to data comparison, no one other than the Lazarus Group has used such code.

At present, there is no vaccine that cures this virus and decrypts the encrypted files, but we can do something to guard against unexpected data loss whether we are infected or not. The faster we act, the better. We need to try our best to save our data and keep the loss as small as possible.

If you are already infected:

1. Disconnect from the network or block port 445 to prevent further infection.

2. Back up your important data, even if it is encrypted, to external devices with professional and secure file backup software. Then, disconnect the device from the computer. That way, if the deadline arrives and WannaCrypt deletes all the files on your computer, you still have a copy of them waiting for a way to decrypt them, and there is enough time. I believe there will be a solution; I just do not know when it will come into being. Thus, time is important for us.

If you haven’t been infected yet:

1. Disconnect from the network and block port 445 to guard against infection.

2. Use reliable antivirus software to give your computer a full inspection and find out whether it harbors any hidden danger. If it does, fix it immediately.

3. Install the Windows MS17-010 vulnerability patch provided by Microsoft or upgrade to the Windows 10 operating system; keep Windows updates enabled.

4. Do not open unsecure websites.

5. Back up your crucial data to external devices using free data backup software for WannaCry ransomware. Then, disconnect the device from the computer.

How to Block Port 445?

1. Find Windows Firewall in Control Panel. You can simply search for it in the Windows search box.

2. Click “Advanced Settings” in Windows Firewall screen.

Windows Firewall

3. Choose “Inbound Rules” and then select “New Rule…” in the Windows Firewall with Advanced Security interface.

Windows Firewall with Advanced Security

4. In the pop-up New Inbound Rule Wizard, select “Port” in the Rule Type column. Then, click “Next”.

New Inbound Rule Wizard

5. Enter 445 in the “Specific local ports” field and click “Next” to continue.

Specific Local Ports

6. Choose “Block the connection” and click “Next” to go on.

Block the Connection 445

7. Specify the profiles to which this rule applies. Keep the default selection and go to the next step.

Profiles this Rule Applies

8. Specify the name and description of this rule. Then, click “Finish” to exit.

Name and Describe the Rule
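
The same rule can be created and checked from an elevated PowerShell prompt. This is an added example, not part of the original post; the rule name and description are labels chosen here, and TCP is assumed as the protocol (the wizard's default on the port page).

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of wizard steps 3-8 above.
# Needs the NetSecurity module (Windows 8 / Server 2012 or later).
# On Windows 7 the built-in netsh command creates the same rule:
#   netsh advfirewall firewall add rule name="Block inbound TCP 445 (SMB)" dir=in action=block protocol=TCP localport=445

# Rule name and description are labels chosen for this example.
$ruleName = 'Block inbound TCP 445 (SMB)'

# Create the rule only if it is missing, so the script is safe to re-run.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $ruleName `
        -Description 'Block inbound SMB (port 445) while WannaCry is spreading' `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Any   # Any = Domain, Private and Public (wizard default)
}

# Confirm what was stored: rule state plus its protocol/port filter.
$rule | Format-List DisplayName, Enabled, Direction, Action, Profile
$rule | Get-NetFirewallPortFilter | Format-List Protocol, LocalPort

# A block rule does nothing on a profile whose firewall is switched off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' } | ForEach-Object {
    Write-Warning "Windows Firewall is OFF for the $($_.Name) profile; the rule is not enforced there."
}

# Show whether this machine is still listening on 445 (the SMB server service).
# The firewall rule blocks remote access to it but does not stop the service.
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Format-Table LocalAddress, LocalPort, State
```

Blocking inbound port 445 also stops other machines from reaching file and printer shares hosted on this computer. Once the MS17-010 patch is installed, the rule can be removed with `Remove-NetFirewallRule -DisplayName 'Block inbound TCP 445 (SMB)'`.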

How to Back Up Crucial Documents, Photos, Videos, Databases and Other Files off the Current Computer?

First of all, find powerful and secure file backup software such as AOMEI Backupper Free. Install and launch it, and connect the external device to the computer to store the backup image file.

Notes:

  • If your machine is already infected, you have to install AOMEI Backupper Free on another, healthy computer and create bootable media (e.g. a USB drive) with it. Then, insert the bootable media into the infected computer and boot from it. You can then back up the encrypted files under WinPE (Windows Pre-installation Environment) with AOMEI Backupper, since AOMEI Backupper is packed into the bootable media when you create it.

  • Here, let’s take partition backup on an uninfected computer as an example.

Which to Start with

1. Choose “I Want to Backup Data”. Then, in the main interface, select “File Backup”.

File Backup

2. Specify which files to back up. Click “Add File” and select the important files you want to back up in Step1. Multiple files can be backed up simultaneously.

Select Files to Backup

3. Choose the backup destination. Browse to the inserted external device and set it as the target location in Step2.

4. Click “Start Backup” and wait until it finishes. Finally, disconnect the external device and keep it in a safe place. For the time being, do not use it for other purposes and do not connect it to any computer (especially an infected one) unless it is necessary.

Conclusion

When surfing the Internet, everyone needs to prepare for unexpected virus attacks like the WannaCry ransomware. Backup is an all-purpose remedy. Whatever the accident, be it hacker attack, software error, wrong operation, physical damage and so on, the most common loss is data. Only if we keep our important data fully protected by backing it up on a schedule can we laugh off any accident. Laughter makes life better; we don’t wannacry!