Readers recently started to report the following message being displayed when they boot their computer:
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
There’s a new cyber threat, plaguing users, called Wanna Cry. The aptly named infection is of the ransomware variety. Many have complained about the tool. About how it infiltrated their system, corrupted it, and extorted them for money. And, in a nutshell, that’s how ransomware applications work. They invade via slyness and subtlety. Then, once inside, they take over. And, before you know it, your files get locked and become inaccessible. You get greeted with a message on your Desktop, as well as in all the folders, affected by the threat. It explains your predicament. States that you’re dealing with a ransomware. And, it reads you have two choices. You can either comply and pay the ransom to get your files back or not. It’s as simple as that. The infection claims tat upon receiving payment, it gives you the decryption key, you need. Apply it, and your files are free. But, in actuality, it’s not as simple as the cyber threat makes it out to be. You have no guarantees that compliance leads to positive results. None. If you pay, you will be relying on cyber criminals to keep their word. That’s quite the oxymoron, wouldn’t you agree? They can double-cross you every step of the way. After you pay, they can choose not to send you a key. Or, they can send you the wrong one. And, even if you get the proper one, and it works, what then? You still have a ransomware tool, lurking on your PC. The decryption key, you paid for, only remove the encryption. Not the threat itself. The threat remains. And, it’s free to strike again at any moment it so pleases. Don’t go that path. Do not comply. It’s a tough choice to make, but experts advise towards option two. Don’t pay. Discard your data. It’s the lesser of two evils.
The Wanna Cry menace uses trickery to invade your PC. It turns to the old but gold means of infiltration. More often than not, it hitches a ride with spam email attachments. It’s imperative to look at every email you receive with a grain of salt. Do not open any emails from unknown or suspicious senders. And, if you do, do NOT download anything attached! Other common methods include hiding behind freeware or corrupted links. Also, it can pretend to be a bogus system or program update. Like, Adobe Flash Player or Java. Whichever way it goes, there’s one final frontier it has to pass before successful invasion. You. If you’re cautious enough, you can catch it in the act. And, prevent its admission. But if you give into naivety, distraction, and haste, the odds of its success increase. And, again, you have a choice to make. Do your due diligence when allowing tools or updates into your system. Or, throw caution to the wind, and hope for the best. Note that the latter strategy almost always results in infection installs.
It’s not only because of uncertainty that experts lean towards not paying the extortionists. Yes, you cannot trust them to hold their end of the bargain. That’s a given. But there’s more to it. If you pay them, you risk your private life to no longer stay private. Let’s elaborate. When you transfer the requested sum, you leave private information. You provide personal and financial data. Data, which the cyber kidnappers can reach. Do you see our point? These strangers get a hold of your private information. And, can then use it as they see fit. Do you think that ends well for you? Don’t expose your privacy to strangers! Your files aren’t worth that great of a sacrifice. Choose privacy over data. One is replaceable. The other is not.
STEP 1: Kill the Malicious Process
STEP 2: Reveal Hidden Files
STEP 3: Locate Startup Location
STEP 4: Recover Wanna Cry Encrypted Files
Depending on your OS (x86 or x64) navigate to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
Navigate to your %appdata% folder and delete the executable.
You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.
Leave a Reply