WannaCry is a serious crypto-malware, which hit the Internet community on Friday, 12 May 2017. Initially, it has been referred to as the Wana Decrypt0r due to the internal name provided on the lock screen. However, security experts soon found out that it has more variant, including Wana Decrypt0r, WannaCryptor, WannaCrypt, Wcry or WNCRY, and it is expected that the variations will keep emerging.
The first WannaCry version, Wana Decrypt0r 2.0, has been detected on May 12, 2017, after hitting the Spanish Telefonica, Portugal Telecom, and NHS Hospitals in England. However, the ransomware did not confine to the organizations and attacked home PCs running older Windows versions, which lack for Microsoft patches indexed as MS17-010, CVE-2017-0146, and CVE-2017-0147. Within a few days, this malicious software managed to infect more than 230,000 computers located in 150 countries, and these numbers make WannaCry align with the most notorious ransomware infections like Locky or Cerber.
WannaCryptor infiltrates the system via the EternalBlue vulnerability, which was detected in Windows Vista, 7, 8, 10 and Windows Server versions. This particular vulnerability has been patched with the MS17-010, CVE-2017-0146, and CVE-2017-0147 security updates, but many PCs skipped the update and left the vulnerability open.
Unfortunately, if the WannaCry ransomware encrypts data (uses AES and RSA algorithms), there is no chance to decrypt files for free. People can pay the ransom for the hackers, recover data using backups or forget about those files.
This virus was considered as an old threat that has been relatively silent, but the third quarter of 2018, news released about WannaCry recent activity and infections all over the world. This cryptovirus has already affected more devices since the current incidents that started in July 2018.
The total amount of blocked WannaCry submissions in Q3 2018, reportedly is 947 027 517 and the activity is discovered in at least 203 countries. The action indicates that this cryptovirus is not dead and the danger is real. Especially, when ransomware attacks increasingly affect big companies and services.
WannaCry also has decryptors developed by various researchers over the year of these attacks. GitHub released decryption tools for various versions, and they might work for new and active threat variants.
WannaCry's success gave the opportunity to copy the tactics
Unfortunately, the huge WannaCry “success” pushed ransomware developers to create and release the copies of the malware. At the moment of writing, security experts registered eight WannaCry copies some of which are in the development phase, while the others have already been released. Thus, be very careful and make sure to protect your PC properly. These are the Wana Decrypt0r copies:
Nr 1. DarkoderCrypt0r
DarkoderCrypt0r encrypts files located on PCs desktop, uses a lock screen similar to WannaCryptor ransomware, required for ransom, and performs all other activities typical for the predecessor. The executable file is named as @[email protected] All encrypted data get the .DARKCRY file extension and the PC user is urged to pay 300 US dollars ransom. Currently, it uses a HiddenTear code, which means that the files that it encrypts can easily be decrypted.
Nr 2. WannaCrypt v2.5
WannaCrypt v2.5 ransomware is currently in development phase. If it infects the PC, it does not lock files, except that it displays the lock screen and requires to pay the 600 US dollars ransom. It is not dangerous yet but can scare people to death.
Nr 3. WannaCrypt 4.0
WannaCrypt 4.0 is yet another WannaCry virus copy, which can be classified as non-malicious yet. It spreads just like any other ransomware virus, except that it does not encrypt files. The ransom note, lock screen, and other information are provided in the Thai language, meaning that it will target Thailand users.
Nr 4. Aron WanaCrypt0r 2.0 Generator v1.0
Aron WanaCrypt0r 2.0 Generator v1.0 is referred to as a customizable WannaCry Ransomware generator. It allows people to select the text, colors, images, font, and other settings of WannaCry lock screen. It is speculated that hackers are also using the Wana Decrypt0r executable and spreading it to generate the ransom. Luckily, this “service” is not yet available. People can only generate a customized WannaCry lock screen, but the ransomware executable is not spread.
Nr 5. Wana Decrypt0r 2.0
The Wana Decrypt0r 2.0 executable is MS17-010.exe. The lock screen and ransom note is similar to the WannaCry. The Indonesian version of the virus is available.
Nr 6. @kee
@kee ransomware encrypts personal files and provides a ransom note inside a“Hello There! Fellow @kee User!.txt“ file.
Nr 7. WannaDecryptOr 2.0
WannaDecryptOr 2.0 hasn’t yet been fully developed. It is capable of infecting computers, but cannot encrypt files. Besides, it’s lock screen, and ransom note does not provide information about the virus and instructions on how to pay the ransom. Nevertheless, it’s crucial to uninstall the virus because it may be updated shortly and encrypt the files afterward.
Nr 8. Wanna Subscribe 1.0
Not much information received yet. This is a threat written in Java and has the grey-colored design of a previously known ransom window.
As you can see, WannaCry virus has many clones, some of which are already distributed and the others are in the development phase. However, it’s critical to update and secure your PC properly. In this and this posts, you can find information on what precautionary measures should be taken to protect yourself from WannaCry attack and what steps should be taken if your PC has already been infected. Taking these preventive measures, you will protect the system from all WannaCry variants, including its imitators.
Prevent websites, ISP, and other parties from tracking you
Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.
A VPN is also crucial when it comes to user privacy. Online trackers such as cookies can not only be used by social media platforms and other websites but also your Internet Service Provider and the government. Even if you apply the most secure settings via your web browser, you can still be tracked via apps that you are connected to the internet. Besides, privacy-focused browsers like Tor is are not an optimal choice due to diminished connection speed.
Therefore, to stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous, prevent trackers, ads, as well as malicious content. Most importantly, you will prevent the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.
Recover your lost files quickly
Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can decide to reboot the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.
Additionally, you might also be attacked by malware that can corrupt your Windows or encrypt files with a robust encryption algorithm, and ask for a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you to retrieve at least some portion of the lost data.
Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searchers for working copies of deleted files within your hard drive. By using the tool, you can prevent loss of valuable documents, school work, personal pictures, and other crucial files.