What is WannaCry?

WannaCry ransomware targets networks using SMBv1, a protocol that helps PCs communicate with printers and other devices connected to the network. This version, dating back to 2003, left computers exposed to hackers, a vulnerability labeled as MS17-010. Microsoft released a patch to fix this earlier in March for versions of Windows it still supported, but anyone who didn’t install it became an easy target for the hackers who built WannaCry.

Also known as WanaCrypt0r 2.0, or WCry, WannaCry takes advantage of PCs running Windows to encrypt files and block users from accessing them, unless they pay $300 worth of bitcoins within 3 days. After that, the price doubles.

Who is WannaCry targeting?

During a major ransomware outbreak in May 2017, Russia, China, Ukraine, Taiwan, India, and Brazil were the most targeted countries. WannaCry has affected both individuals, as well as government organizations, hospitals, universities, railway companies, tech firms, and telecommunications providers in over 150 countries. UK’s National Health Service, Deutsche Bahn, Spanish company Telefónica, FedEx, Hitachi, and Renault were among the victims.


Where WannaCry comes from

Experts have noticed that WannaCry ransomware behaves like a worm, using two attack methods found in the leaked arsenal of the NSA (ETERNALBLUE and DOUBLEPULSAR). They also found evidence linking the ransomware outbreak to the North-Korean Lazarus Group.

In 2014, the hackers — known to use bitcoin in their operations — have wiped almost a terabyte’s worth of data from Sony Pictures’ database. They also created a malicious backdoor in 2015, and were involved in an $81m cyberattack on the Central Bank of Bangladesh in 2016.

How to recognize WannaCry

You probably won’t be able to recognize WanaCrypt0r 2.0 before infection, because it doesn’t require your input to do so. This type of ransomware behaves like a worm, spreading through networks and making its way to your PC, where it finally encrypts your files. When infected, you receive a warning and you won’t be able to access your files, or worse — you won’t be able to log in to your computer at all.

How to remove WannaCry

You can remove WannaCry using an antivirus software, but unfortunately that doesn’t magically decrypt your files. Once you’ve been affected, there is little you can do about it. Avast Free Antivirus comes with a ransomware decryption tool, but the encryption in WannaCry is very strong (AES-128 combined with RSA-2048). Your best hope is recovering your files from a backup, if possible, but first you have to clean and update your computer.

How to prevent WannaCry

To stay safe from WannaCry ransomware attacks, it’s vital to keep your software — especially your operating system — up to date. Microsoft recently made patches available even for older versions of Windows it no longer official supports. Make sure you use an antivirus, as this will help detect any suspicious activity on your computer. Avast will protect you with or without a patch. Advanced users can configure their Firewall settings, to control network traffic using specified connection parameters. These are called packet rules and may include network protocols, source or destination IP addresses, and local and remote ports.

Use anti-malware to protect yourself

The bad news is that WannaCry is just one of the many threats out there. The good news is that our Avast Free Antivirus prevents malware from getting to your PC. Our Wi-Fi Inspector scans your network and finds potential security issues, and even if malware makes it past the first layers of protection, our Behavior Shield will catch it as soon as it tries to do something suspicious.

Why Avast?
  • Consistently rated “excellent” by industry experts
  • Trusted by 400 million people worldwide
  • It’s the "Antivirus with the lowest impact on PC performance” (AV comparatives)
  • Best features - unbreakable password security, home network protection, browser cleaning and much more
  • All for FREE
FREE DOWNLOAD