Starting on Friday 12 May 2017, thousands of computers were infected by ransomware called WannaCry. The WannaCry ransomware attacked thousands of computers around the world by encrypting data files such as documents, photos, videos, databases and other files. The attackers ask for $300 to be sent in bitcoin within three days; after three days they double the price to $600, and after 7 days your files will be lost.
Ransomware is a malicious program that demands money from people whose files it has infected. It first encrypts the files and then asks for money to decrypt them. It spreads through the network, if you
How to prevent ransomware programs like WannaCry?
Here are steps to prevent WannaCry ransomware from infecting your computer:
- Always update your Windows operating system. Microsoft regularly updates its systems to improve them and to patch security holes that may be exploited by people with bad intentions.
- Always update your antivirus software. This is in addition to Windows updates, and it is mandatory: Windows Update alone cannot detect viruses and remove them.
- Do not click any attachment from unknown people. Even if it comes from a person you know, ask them first whether they really sent the attachment, because some viruses also send email as someone you know.
- Avoid using USB drives. If you use a USB drive to carry files between home and office, you can use a cloud drive such as Google Drive, Microsoft OneDrive or Dropbox instead.
Below is a screenshot of a computer infected by the WannaCry virus (ransomware).
How to check if your computer is already protected from the WannaCry attack
If your computer's OS is Windows 7
Make sure patch KB4012212 or KB4012215 is already installed on your computer. You can read about this patch at the link below.
Check manually via control panel
Open Control Panel > Programs and Features > View installed updates. If you find KB4012212, your computer is protected. Just make sure that your antivirus is also updated.
Check semi-automatically using a WMIC script
To check the local computer, type the following command at the computer's command prompt:
wmic qfe get | findstr "KB4012212"
To check a remote PC:
wmic /NODE:COMPUTERNAME qfe get | findstr "KB4012212"
You have to log on as an administrator user on the targeted computer. In my case I only need to log on as local administrator from my computer and run the script. All the administrator accounts have the same password throughout the organization.
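The same check as the WMIC commands above, written as a PowerShell function that looks for either patch ID on several computers at once. This is an added example, not part of the original post; the computer list is a placeholder and PowerShell 3.0 or later is assumed.

```powershell
# Added example: report whether the Windows 7 patches named on this page are installed.
# The KB IDs come from the page; the computer list is a placeholder (assumption).
$PatchIds  = 'KB4012212', 'KB4012215'
$Computers = @($env:COMPUTERNAME)   # append remote names here, e.g. 'PC-PLACEHOLDER-01'

function Test-WannaCryPatch {
    param(
        [Parameter(Mandatory = $true)] [string[]] $ComputerName,
        [Parameter(Mandatory = $true)] [string[]] $Id
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering, the same data as "wmic qfe".
            # All hotfixes are fetched and filtered locally, because asking Get-HotFix
            # for an ID that is not installed raises an error instead of returning nothing.
            $all   = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
            $found = @($all | Where-Object { $Id -contains $_.HotFixID })
            $status = 'NotFound'
            if ($found.Count -gt 0) { $status = 'Patched' }
            [pscustomobject]@{
                ComputerName = $computer
                Status       = $status
                Detail       = ($found | ForEach-Object { $_.HotFixID }) -join ','
            }
        }
        catch {
            # An unreachable host or an access-denied error is reported separately,
            # so it is not mistaken for a machine that lacks the patch.
            [pscustomobject]@{
                ComputerName = $computer
                Status       = 'QueryFailed'
                Detail       = $_.Exception.Message
            }
        }
    }
}

Test-WannaCryPatch -ComputerName $Computers -Id $PatchIds | Format-Table -AutoSize
```

A computer reported as NotFound may still carry the fix through a later cumulative update, so confirm against its full update history before treating it as unpatched.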
Windows patch for Windows Server 2008 system
Windows Server 2008 32 bit:
Windows Server 2008 64 bit:
Windows Server 2008 Itanium based:
If you still have any Windows 2003 servers or any XP computers:
You have to manually install a patch from the following website. https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
If your server is Windows Server 2008 R2 (all editions)
Windows Server 2008 R2 X64 based:
Windows Server 2008 R2 x64 based:
How to cure a computer that is already infected?
We don't yet have information about how to remove the WannaCry ransomware once a computer is infected. When we have the information, we will update this post immediately.
How to prevent WannaCry from spreading
Luckily, a 22-year-old from the UK, MalwareTech (https://twitter.com/MalwareTechBlog), has stopped the WannaCry ransomware by registering a domain name that is contained in the virus code.
If the virus contacts that domain and gets a "not found" reply, it keeps spreading; conversely, it stops once the domain is registered. Registering the domain name cost only about $10.
As the spread of the virus has already been stopped, do I still need to update my system and install the patches above?
Yes, you definitely still need those patches and updates, because I am sure the creator of the virus will create new code, change the domain, etc.
By keeping your Windows system updated, you minimize the chance of getting infected by other ransomware in the future.