WanaCrypt, or also known as WanaCry, is a new ransomware that wreaked havoc across the world last night, which spreads like a worm by leveraging a Windows SMB vulnerability (MS17-010) that has been previously fixed by Microsoft in March. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.
Unfortunately, it appears that many organizations have not yet installed the patch.
In the wake of the largest ransomware attack in the history that had already infected over 114,000 Windows systems worldwide since last 24 hours, Microsoft just took an unusual step to protect its customers with out-of-date computers. Microsoft has just released an emergency security patch update for all its unsupported version of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008 Editions. Download vulnerability patch from here https://technet.microsoft.com/en-us/library/security/ms17-010.aspx .
People already infected with this ransomware will not get their files back. It means that no new infections will occur with yesterday’s strain. Currently, there’s no known method of breaking the ransomware’s encryption. The only viable method of getting files back at the moment is from previous operating system backups, and by paying the ransom note, as a last resort. We recommend using Max Total Security which can help you restore your file from daily back up module, Tools>Max Backup Utility. It can also detect and terminate this Ransomware from spreading further on your PC.
Max Total Security also has a newly introduced module in its tools treasure. Tools>Max Application Whitelist , this module allows you to completely protect your PC from any unauthorized, not welcome executables. In a normal day to day operation you know which programs you are going to use on your PC so just go to this tool and allow those applications whicih run from program file folder. System executables are already taken care off. From now onward , no other executable will be allowed to run on your PC, completely protecting it from any types of Trojans.