What is WannaCry ransomware Attack

It is a type of malicious software that infects a computer and holds it hostage. The attackers then demand payment in Bitcoin to release your computer and restore it to its previous state. Basically, they lock down your computer or the services you run on it.

About 200,000 computers were affected by this cyber attack. The most affected countries are India, Russia, Italy, Germany, Vietnam, etc.

The most affected business areas are hospitals, electronics, universities, city services, gas stations, etc.

How much have the WannaCry operators made so far? Some internet reports say they had made only $56,000 as of Monday, May 15, 2017, indicating that very few of the affected people paid the money demanded, compared with the 200,000 affected computers.

The platforms affected by the virus are Windows Vista, Windows XP, Windows 10, Windows Server 2016, Windows Server 2012, 2012 R2, Windows Server 2008, 2008 R2, Windows Server 2003, Windows 8.1, Windows RT 8.1, Windows 7, etc.

The virus starts by encrypting the local hard drives and then scans for associated network computers.

It can reach them via SMB over the network and infect the networked computers.

Temporary solutions or workaround to avoid virus attack

As per internet articles, as below. (Disclaimer: please refer to authorized articles before you perform the task below, and use your own discretion. I am not responsible for any other issues that may be caused by this.)

1) Disabling SMBv1 is a temporary workaround to avoid infection by this virus until a complete solution is provided by software industry experts. The steps are:

i. Go to the Search box in the Windows Start menu and type “Regedit”.

ii. Click on Regedit.exe.

iii. Navigate to the path “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters”.

There, change the value of the REG_DWORD entry “SMB1” to 0 (0 means Disabled and 1 means Enabled).

Note: If the entry is not present, you can right-click on “Parameters” and click New for a “DWORD (32-bit)” Value.

Name your entry “SMB1” and give it the value ‘0’ when creating it.

You may need to restart the computer for this to take effect.

Note: There is an option to take a backup of the registry before making the changes. Later, you can manually follow the steps above and reverse the changes once a complete patch is provided by security experts.
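The same steps can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original article: it backs up the key, handles the case where the “SMB1” entry is missing, and verifies the result. The backup file name and location are assumptions.

```powershell
# Added example: script the Regedit steps above (run as Administrator).
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters'
$rawPath = 'HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters'
$name    = 'SMB1'
# Assumed backup location; change it to suit your environment.
$backup  = Join-Path $env:TEMP 'LanmanServer-Parameters-backup.reg'

# Step 0: back up the Parameters key before touching it.
reg.exe export $rawPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Registry backup failed; no changes were made.'
}
Write-Output "Backup written to $backup"

# Step 1: read the current value. $null means the entry does not exist yet.
$current = (Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue).$name

if ($null -eq $current) {
    Write-Output 'SMB1 entry is not present; creating it with value 0.'
} elseif ($current -eq 0) {
    Write-Output 'SMB1 is already 0 (Disabled); nothing to change.'
} else {
    Write-Output "SMB1 is currently $current (Enabled); setting it to 0."
}

# Step 2: create or overwrite the entry as a DWORD (32-bit) with value 0.
if ($current -ne 0) {
    New-ItemProperty -Path $regPath -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
}

# Step 3: verify the value that is now stored.
$after = (Get-ItemProperty -Path $regPath -Name $name).$name
if ($after -ne 0) {
    throw "Verification failed: SMB1 is $after, expected 0."
}
Write-Output 'SMB1 = 0 (Disabled). Restart the computer for the change to take effect.'
```

To reverse the change later, set the value back to 1 in the same way or restore the saved file with `reg.exe import`.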