Wannacry

glenwilson

NRU Heed
15 Mar 2012
6,165
3,690
203
62
Falkirk, United Kingdom
Hopefully nobody will get affected by the wannacry ransomware but this may be of use if ever you do.

Firstly:

  1. Have a backup of any files that you really cannot restore or do not ever want to lose. For me these are photos as most other data files I have cloud back-ups of. It just isn't practical to have all photos in the cloud as it would take forever to get them up there.
  2. After backing up DISCONNECT the drive. Any connected drive will be affected.
  3. If possible have a clean patched restorable version of Windows too. This will save time.
  4. Finally, download wannakiwi. As the encryption is based on two prime numbers, this program tries to locate the two prime numbers used and can then unencrypt the files.
Some points to note are:

  • Download wannakiwi ONLY from GitHub as this will be the source file. Getting it from anywhere else is risky (Build software better, together)
  • Have wannakiwi already downloaded just in case.
  • Once you have the wannacry ransom message DO NOT REBOOT. Just run the wannakiwi.exe file and let it run. It seems that there is about a 20% chance of it working as sometimes the prime numbers used for the encryption can get overwritten.
  • If you have recovered the files, copy them off on a USB or disk.
  • Finally wipe the PC. Latest versions of wannacry also include other Trojans and backdoors that you do not want left on your PC.
Hopefully you will never need this but if you do it may be of use.
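
The following is an added example, not part of the post above and not wannakiwi's own code. It sketches why finding one leftover prime in memory is enough to rebuild an RSA private key, and why recovery fails once that memory is overwritten. The small primes, the memory buffer and all function names are constructed assumptions.

```python
import random

# Constructed demo key: two Mersenne primes stand in for the much larger
# primes of a real RSA key. All values here are assumptions.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                      # public modulus (known from the public key)
WIDTH = 16                     # byte length of a candidate prime

def find_prime(memory: bytes, n: int, width: int = WIDTH):
    """Slide over a memory image; return a value that divides n, or None."""
    for off in range(len(memory) - width + 1):
        cand = int.from_bytes(memory[off:off + width], "little")
        if 1 < cand < n and n % cand == 0:
            return cand
    return None

def rebuild_private_exponent(p: int, n: int, e: int = E) -> int:
    """With one prime known, the other is n // p and d = e^-1 mod phi."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def make_memory(include_prime: bool) -> bytes:
    """Constructed process-memory image: filler bytes, optionally holding P."""
    rng = random.Random(1)
    filler = bytes(rng.getrandbits(8) for _ in range(4096))
    if not include_prime:
        return filler          # models the prime having been overwritten
    return filler[:1000] + P.to_bytes(WIDTH, "little") + filler[1000:]

def demo() -> bytes:
    secret = int.from_bytes(b"file key", "big")   # stand-in for protected data
    wrapped = pow(secret, E, N)                   # textbook RSA, no padding
    p = find_prime(make_memory(True), N)
    d = rebuild_private_exponent(p, N)
    return pow(wrapped, d, N).to_bytes(8, "big")

if __name__ == "__main__":
    print(demo())                                 # recovered data
    print(find_prime(make_memory(False), N))      # nothing left to find
```
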
 

glenwilson

Thanks for the post though I first thought it would be about a kitchen/dish failure, BF1 or dropping valued malt whisky bottle on the floor...;)
I love how you lot have the ability to make me laugh!

Obviously prevention is better than cure but just in case. I saw it on the podcast below. The first shows how the thing works and in the second part they show potential fixes. Yes, one of the presenters is a priest but don't let that put you off. There is no risk of conversion to or from anything. :)

Know How... 312 Networking 102: WannaCry Ransomware | TWiT.TV

Know How... 314 Networking 102 Part 3 - WannaCry 2 | TWiT.TV