Ransomware WannaCry is a concern for computer users worldwide. In addition to the fear of kidnapping data to blackmail victims like other "teammates", WannaCry is so dangerous that it will attack hospitals, schools or airports ... affecting children's lives. people.
Because it is a new type of malware, computer users are still very confused to find ways to prevent or overcome when the computer is attacked by this type of malware. However, you can also prevent the computer from being infected by using some specialized ransomware removal software such as:
Preventing WannaCry is not easy (because besides the subjective reason that the user clicks, opens the wrong files, the link contains malicious code, if you are connecting on the LAN, you can also be indirectly infected from any computer on the network), but we can also minimize this risk if we are more careful.
The computer was attacked by WannaCry ransomware
However, if unfortunately you've been exposed to WannaCry ransomware, many people (with no experience in computers and information technology) will feel scared, confused and not sure what to do when the computer is infected with WannaCry ransomware. If in Vietnam, you can refer to the following article.
1. Never give up and accept ransom payments to hackers
One characteristic of ransomware malware is that, after infiltrating a computer, they look for predefined data formats or files containing important user data. Automatically copy all the data and then delete the original, now the only thing that holds your document is the encrypted file of the bad guy, and to get it back, you have to pay the corresponding value. of those data.
However, according to recommendations from cyber security experts around the world, no matter what the data you lose and how important, you should not pay a ransom for two main reasons:
- What to expect after you pay, your data will be returned (not to mention whether or not paid enough?).
- There is no guarantee that you will not be attacked again, even a few more times.
2. Reset the computer
The word reset does not mean a reboot, but essentially a reset of a new Windows operating system. In fact, with viruses and most ransomware running on the Internet, this is an effective way to fix it, so if your computer is infected with WannaCry, we can try this as well.
The tool we are going to use is Winsock , specifically:
- From the main interface of the computer, left-click on the Start icon (lower left corner of the screen).
- Enter the Run keyword in the Search box and then Enter .
- A new window appears, continue to import Cmd into Open and then OK .
The cmd command window appears as follows, enter two commands in turn:
netsh winsock reset catalog
netsh int ip reset reset.log hit
For new operating systems like Windows 10, go to Settings / Update and Security / Recovery / Reset this PC . Then choose one of the two items below:
- Keep my files : Keep the data files.
- Remove everything : Delete all data.
Because when WannaCry is attacked, it means that all your data is encrypted, so the best advice here is that you should delete all data. However, you can also consider if you have not backed up important data, this can cause a lot of trouble.
With older Windows operating systems, without this feature, users will need to reinstall Windows or Ghost computer .
3. Restore the computer to the time before WannaCry infection
If you do not want to delete your computer data and are using some new versions of Windows, computer users can restore the operating system to a specified time (maybe when your computer is still "new"). "). The advantage of this is that it can help clean the malware and viruses that the computer is attached to, but it also has the disadvantage of not always being able to recover files that have been encrypted by ransomware.
However, after getting WannaCry, even a little hope of saving the encrypted files is praiseworthy. The operations are as follows:
On Windows XP:
- Right-click My Computer / select Properties .
- Select the System Restore tab , tick Turn off System Restore .
- Click Apply / OK .
On Windows 7 and above:
Step 1: From the main interface of the computer, left-click the Start icon in the left corner, below the screen to display a list of options and applications. Right click on Computer and select Properties .
Step 2 : Control Panel Home window appears, left click on System protection (on the left).
Step 3 : Left-click Configure ... as shown below.
Step 4 : Tick the box Turn off System Restore (or Disable System Protection ). Then OK to save and close the window just manipulated.
The reason that we have to turn off this feature, because many sophisticated viruses will automatically copy them into the System Restore folder of the computer. So when we turn off this feature, it also means that the virus can not reinstall itself every time we restart the computer.
4. Download and install some anti-malware (anti-ransomware) tool
There are many anti-virus software on the market, however, with ransomware is not much, so while WannaCry is raging and causing a lot of panic today, the installation of a professional ransomware (from genuine) is absolutely something to consider.
Here are some such software that you can refer to:
However, it should be noted that users should only download these tools from the company's homepage or extremely reliable addresses, because there are many sources of installation, but if not careful, then it is the That source is the place to distribute malicious code to your computer.
5. Follow the instructions of Microsoft and Valuewalk
The general advice from this vendor is to always update your antivirus software and Windows, in particular:
- Always keep your Anti-virus and Firewall software up to date to protect yourself against Ransomware and other attacks.
- Update your operating system regularly, as software updates will include new patches and help you avoid being exploited by hackers.
- If you receive e-mail attachments from a stranger, never open them. Whether it's a friend or a common address, you can't be sure it's a friend from you, or WanaCry sends it to you.
- Close port 445 or disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server.
Access to Safemode to remove ransomware if unfortunately encountered:
Windows XP and Windows 7 :
- Before Windows boots, press the F8 key .
- When the Boot Menu appears, select Safe Mode with Networking , then press Enter .
Windows 8 and Windows 8.1:
- On the Start Menu / Control Panel .
- Click on Administrative Tools / System Configuration .
- Next, find and highlight Safe Boot and select Networking and Restart .
- Your computer will now boot into Safe Mode - Safe mode .
Windows 10:
- On the Start Menu / Settings / Update and Security / Recovery .
- Next, click Advanced Startup / Restart Now to restart your computer.
When the Choose Option Screen appears, select Troubleshoot / Advanced Options / StartupSettings . And then enable Enable Safe Mode with Networking Option , then select Enter to boot into Safe Mode .
ATTENTION:
Depending on the computer brand and the different model, the BOOT movie will be different, if you do not remember, you can access this article to review the Boot key on your computer .
6. Backup important data in computer
Prevention is better than cure is the most appropriate saying at this time. Instead of installing anti-virus software on computers, scanning and removing ransomware when the computer is infected, we can completely back up the data in our computer to online storage services or external hard drive. , USB to save.
However, the effectiveness of this method to no one has mentioned. Only if the computer is infected with a virus, the use of online storage services is important, necessary and much more effective than when using tools that must be connected directly to the computer.
You can share this article with your friends and relatives to help them learn how to prevent WannaCry ransomware and protect your personal data.
I wish you successful implementation!