WannaCry - decrypt files
The virus - extortionist WannaCry attack on 12 May on Friday more than 75,000 computers around the world. Basically large companies
affected, organizations, transportation companies, medical and educational institutions, even the Interior Ministry WannaCry not bypassed.
At the moment, it affected more than 300,000 computers in more than 100 countries. WanaCrypt0r 2.0, or as it is "WannaCry" called, spread by
email attachments. Once in the system, the virus scans the drives and network folders for files with certain extensions (more than 160) and
encrypts them by adding expansion .WNCRY. Then connect the worm functions - spread itself, WannaCry scans for available ip addresses on port
445 and is distributed on a local network. Removed the encoder as well as other encoders - Windows blockers, entering the system through a
"safe mode" startup and registry cleaning, physically removing the virus files, delete unnecessary entries from the file C: \ Windows \
System32 \ drivers \ etc \ hosts. BUT, if you see on your monitor characteristic window WannaCry, which requires you to send 300 $ to
Bitcoin wallet, in any case not in a hurry to turn off or restart the computer, there is a chance to decrypt the files!
Wanakiwi - utility in most cases will help to decipher the encrypted virus WannaCry files, but only if, after the infected computer from
turning off, and the process to generate the key is still running. Given the fact that this method is based on a scan of the process address
space that generated the keys, which means that if the process is killed, for example by rebooting - the initial process memory will be
lost. It is important that users are unable to reboot your system before recourse to Wanakiwi.
When Wanakiwi start automatically searches for processes such as:
- wnry.exe
- wcry.exe
- data_1.exe
- ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
- tasksche.exe
But if in your case the name of the process is different from the standard Wanakiwi can run through the cmd console parameters pid or
process , clearly stating the program with how the process works:
wanakiwi.exe [/pid
ID|/processrogram.exe]
In operation wanakiwi will decrypt files by creating them as new, without affecting the encrypted files with the extension .WNCRY.
After the files are decrypted recommended important files copied to an external storage device or cloud storage, then reboot the system in
"safe mode" and remove the virus files and traces of his presence. Then upgrade the operating system. Microsoft has released updates for all
affected systems, including for longer supported by windows XP.
Download
The virus - extortionist WannaCry attack on 12 May on Friday more than 75,000 computers around the world. Basically large companies
affected, organizations, transportation companies, medical and educational institutions, even the Interior Ministry WannaCry not bypassed.
At the moment, it affected more than 300,000 computers in more than 100 countries. WanaCrypt0r 2.0, or as it is "WannaCry" called, spread by
email attachments. Once in the system, the virus scans the drives and network folders for files with certain extensions (more than 160) and
encrypts them by adding expansion .WNCRY. Then connect the worm functions - spread itself, WannaCry scans for available ip addresses on port
445 and is distributed on a local network. Removed the encoder as well as other encoders - Windows blockers, entering the system through a
"safe mode" startup and registry cleaning, physically removing the virus files, delete unnecessary entries from the file C: \ Windows \
System32 \ drivers \ etc \ hosts. BUT, if you see on your monitor characteristic window WannaCry, which requires you to send 300 $ to
Bitcoin wallet, in any case not in a hurry to turn off or restart the computer, there is a chance to decrypt the files!
Wanakiwi - utility in most cases will help to decipher the encrypted virus WannaCry files, but only if, after the infected computer from
turning off, and the process to generate the key is still running. Given the fact that this method is based on a scan of the process address
space that generated the keys, which means that if the process is killed, for example by rebooting - the initial process memory will be
lost. It is important that users are unable to reboot your system before recourse to Wanakiwi.
When Wanakiwi start automatically searches for processes such as:
- wnry.exe
- wcry.exe
- data_1.exe
- ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
- tasksche.exe
But if in your case the name of the process is different from the standard Wanakiwi can run through the cmd console parameters pid or
process , clearly stating the program with how the process works:
wanakiwi.exe [/pid
ID|/processrogram.exe]In operation wanakiwi will decrypt files by creating them as new, without affecting the encrypted files with the extension .WNCRY.
After the files are decrypted recommended important files copied to an external storage device or cloud storage, then reboot the system in
"safe mode" and remove the virus files and traces of his presence. Then upgrade the operating system. Microsoft has released updates for all
affected systems, including for longer supported by windows XP.
Download
Пожалуйста,
Вход
или
Регистрация
для просмотра содержимого URL-адресов!
