Hopefully nobody will get affected by the wannacry ransomware but this maybe of use if ever you do.
Firstly:
Firstly:
- Have a backup of any files that you really cannot restore or do not ever want to lose. For me these are photos as most other data files I have cloud back-ups of. It just isn't practical to have all photos in the cloud as it would take forever to get them up there.
- After backing up DISCONECT the drive. Any connected drive will be affected.
- If possible have a clean patched restorable version of Windows too. This will save time
- Finally, download wannakiwi. As the encryption is based on two prime numbers, this program tries to locate the two prime numbers used and can then unencrypt the files.
- Download wannakiwi ONLY from GitHub as this will be the source file. Getting it from anywhere else is risky (Build software better, together)
- Have wannakiwi already downloaded just in case.
- Once you have the wannacry ransom message DO NOT REBOOT. Just run the wannakiwi.exe file and let it run. It seems that there is about a 20% chance of it working as sometimes the prime numbers used for the encryption can get overwritten.
- If you have recovered the files, copy them off on a USB or disk.
- Finally wipe the PC. Latest versions of wannacry also include other Trojans and backdoors that you do not want left on you PC.