There is a lot of malware and ransomware created to get into users' machines and make a good amount of money, and one of the scariest is the WannaCry virus.
Removing the WannaCry virus is not as simple as it sounds; true to its name, it really will make you want to cry.
WannaCry targets Windows PCs, so using a Mac will at least make you feel safe. However, if you use Boot Camp or a virtual machine to run Windows on your Mac, and that Windows version is old, it can still be vulnerable to this virus.
That is why we are here to explain what the WannaCry virus is, how it works, and what preventive measures you can take to keep your machine from being infected by it.
Contents:
- Part 1: What is WannaCry Virus and How It Works?
- Part 2: How to Remove WannaCry Virus
- Part 3: How to Prevent WannaCry Virus
- Part 4: Conclusion
Part 1: What is WannaCry Virus and How It Works?
WannaCry is a ransomware worm that spread quickly across many computer networks in May 2017. After infecting a Windows PC, it encrypts files on the machine's hard drive.
This leaves users unable to access their files, and it then demands a ransom payment in bitcoin to decrypt them.
Several factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain's National Health Service.
The Windows vulnerability that the attackers took advantage of was first discovered by the United States National Security Agency.
Symantec and other security researchers have tentatively linked it to the Lazarus Group, a cybercrime organization that may be associated with the government of North Korea.
The WannaCry ransomware consists of multiple components. It arrives on the infected PC as a dropper, a self-contained program that extracts the other application components embedded within itself. Those components include:
- An application that encrypts and decrypts data
- Files containing encryption keys
- A copy of Tor
How WannaCry Virus Works
The attack vector for WannaCry is more interesting than the virus itself. The vulnerability WannaCry exploits lies in the Windows implementation of the SMB (Server Message Block) protocol.
The SMB protocol lets different nodes on a network communicate, and Microsoft's implementation could be tricked by specially crafted packets into executing arbitrary code.
Even if a PC has already been infected, WannaCry does not necessarily start encrypting files. It first attempts to reach a very long, gibberish URL before going to work.
If it can reach that domain, WannaCry shuts itself down. There is not much evidence as to the reason for this functionality.
Many researchers run malware in a “sandbox” environment, inside which any URL or IP address appears reachable; WannaCry's hard-coded attempt to contact a nonsense URL that was never expected to exist would succeed there.
Signs that your Mac has WannaCry Virus
Though WannaCry is no longer a thing nowadays and its target is Windows, your Mac can still be infected, as mentioned above, if you are using a virtual machine to run Windows on it.
The signs of the WannaCry virus are, first, some slowdown on your Mac, and then a notification on your screen saying that your files are locked and that to unlock them and regain access you have to send money via bitcoin, ranging from $300 to $600.
Part 2: How to Remove WannaCry Virus
Since the WannaCry virus mostly infects Windows PCs, here are some steps for removing the virus yourself. If you are not that confident, you may ask a friend for a little help in following these guides. Have your Windows patched first before doing it.
Troubleshooting 1: Using Safe Mode with Networking
For Windows XP and Windows 7 users
- Start your computer in Safe Mode > Click Start > Select Shut Down > Select Restart > Click OK
- During the start process > Press F8 on your keyboard multiple times until the Windows Advanced Options Menu appears > Select Safe Mode with Networking on the screen
For Windows 8 users
- Go to Start Screen > Type Advanced > Select Settings > Click on Advanced Start Up Options
- Click the Restart Button > Select Troubleshoot button > Click on Advanced Options button
- In the Advanced Option page > Select Start up Settings > Select Restart > Press F5 on the keyboard to go to Safe Mode with Networking
For Windows 10 users
- Click Windows Logo > Select the Power Icon > Choose Restart while simultaneously pressing the Shift Key on your keyboard
- Under Choose an option > Select Troubleshoot > Select Advanced Options
- On the menu > Select Start Up Settings > Click on Restart button > On the next screen press F5 on your keyboard
- This will launch your operating system in Safe Mode with Networking
Log in to the account that is infected by the WannaCry virus and install a legitimate anti-virus program. Update the anti-virus program, start scanning your PC, then remove all items detected.
Troubleshooting 2: Using Defender
- Click on the Start menu > Type Windows Defender in the text box
- Launch Defender and let it scan your PC
- If there are results, use Defender to get rid of them
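The same Defender steps can be scripted. The following is an added example, not part of the original article; it assumes Windows 10 or later with the built-in Defender PowerShell module and an elevated PowerShell prompt, and the `-ScanType` and `-Remove` parameters are this example's own names.

```powershell
#Requires -RunAsAdministrator
# Added example: patch check, definition update, scan and clean-up with
# Microsoft Defender. Parameter names below belong to this example only.
param(
    [ValidateSet('QuickScan', 'FullScan')]
    [string]$ScanType = 'FullScan',
    [switch]$Remove   # remove detections only when explicitly requested
)

# 1. Patch state: the article advises patching Windows before cleaning up.
$lastUpdate = Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($lastUpdate) {
    Write-Host ("Most recent update: {0}, installed {1:yyyy-MM-dd}" -f `
        $lastUpdate.HotFixID, $lastUpdate.InstalledOn)
} else {
    Write-Warning 'No installed updates reported; run Windows Update first.'
}

# 2. Confirm Defender is actually running before trusting a clean result.
$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled) {
    throw 'Microsoft Defender Antivirus is not enabled on this machine.'
}
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is turned off.'
}

# 3. Update the definitions, then scan (a full scan can take hours).
Update-MpSignature
Start-MpScan -ScanType $ScanType

# 4. Report what Defender has on record. Get-MpThreat lists the threat
#    history, so older detections can appear next to new ones.
$threats = @(Get-MpThreat)
if ($threats.Count -eq 0) {
    Write-Host 'Defender reports no threats.'
    return
}
$threats | Select-Object ThreatName, SeverityID, IsActive | Format-Table -AutoSize

# 5. Remove the detected items only on request.
if ($Remove) {
    Remove-MpThreat
} else {
    Write-Host 'Re-run with -Remove to have Defender remove these items.'
}
```

Removing the detections does not decrypt files that were already locked; those still have to come from a backup.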
If you have files that have already been locked or encrypted, the easiest solution, if you have a recent backup, is to use it to restore the files as they were before they were locked.
If your backup is unavailable, there are a lot of tools available to download on the web that can decrypt files locked by the WannaCry virus.
Part 3: How to Prevent WannaCry Virus
Prevention is always better than cure. Since your machine can get infected via software or apps that the virus is bundled with and that leech on your machine, you need to be very careful before downloading software or an app. Here are some signs that the software or app is illegitimate:
- If you have an app that can detect viruses, you will be notified
- A plug-in has been downloaded from a site that is not known
- Software that has been illegally produced, e.g. paid software that became free
- Software from an unknown source
- Software whose source is BitTorrent
Cybercriminals mostly disguise their messages as legitimate emails, and so on. You should update software using the functions implemented by the legitimate developers.
Try not to use other third-party tools. All software should be downloaded from legitimate sites.
Note: Having anti-virus software and a Mac cleaner installed on your Mac, and making it a habit to back up, may lessen the impact of files being locked or encrypted, since you still have the backup.
Bonus Tip: Use iMyMac PowerMyMac to Clean Up your Mac
Since the WannaCry virus does not move that quickly and can sometimes take a while before it gets to your personal files, it's good to make it a habit to clean up your Mac and free up some space on your storage to improve your Mac's performance.
iMyMac PowerMyMac has a lot of features that you can take advantage of in a few clicks, such as:
- It can clean up various types of junk, such as System Junk, iTunes Junk and Mail Junk, that are unnecessary to keep and just take up space on your storage
- Protect your privacy by deleting cache files, browsing history, saved passwords and cookies
- Optimize the performance of your Mac by getting rid of large and old files, duplicate files and similar images.
How to Use iMyMac PowerMyMac:
- Download and Launch iMyMac PowerMyMac from imymac.com for free
- To delete System Junk, Select Junk Cleaner > Select SCAN
- Select User Logs and System Logs
- On the right side of the page, it will show the list of the junk files that you can get rid of
- Click on Select All at the top of the page if you want to delete everything
- Select CLEAN Button at the bottom right of the page
The steps are much the same if you would like to use other categories such as Privacy, App Uninstaller, Duplicates Finder and Large and Old Files.
Part 4: Conclusion
This ransomware can only affect Windows PCs. Be that as it may, on Macs that run Windows via Boot Camp or in a virtual machine, it can still reach those Windows installations.
The virus exploited a vulnerability in the Windows implementation of SMB and locked files on the infected PC, demanding payment to decrypt them.
Microsoft released a patch. If you have an outdated Windows computer that is infected, the best way to get rid of WannaCry is simply to update and use Defender for Windows or anti-virus software, e.g. Norton, along with software that prevents viruses, such as iMyMac PowerMyMac.