WannaCry or WannaCrypt0r 2.0 is a new type of ransomware malware which has already infected more than 75,000 computers in 99 countries.
As usual, attacker encrypts your computer files and demand for ransom payments. WannaCry is targeting large number of file types including .ppt, .docs, .xlsx, .zip, .rar, .tar, .bz2, .mp4, .sql, .php, .java, etc.
If your computer is a victim of WannaCry ransomware or not sure, then the following solution is known to rescue from it.
For another Ransomware, continue reading.
What is Ransomware?
As the name says – it’s computer malware that gets installed on a victim’s PC to lock or encrypt the data, and they demand you to pay (ransom) to decrypt it.
There are multiple types of ransomware and mostly categorized in three levels.
- Low risk – fake antivirus tool pretends to find malware and ask for money to fix it.
- Medium risk – lock the browser or screen and claim to be from the legal entity and mentioned that you need to pay fine as they detect some illegal activity from your PC.
- Dangerous – encrypt the data and demand for money to decrypt it back.
So, you see, once data is encrypted, you need to find the right tool/service that can help you in decrypting.
As a precautionary, one should always keep OS, software up-to-date, and use basic antivirus/firewall/security to prevent being hacked.
Do you know what kind of malware is injected on your PC?
I know it’s scary, but doesn’t worry, the following services will be able to help you with that.
ID Ransomware
ID Ransomware helps you to check which ransomware has encrypted the data. You need to upload the sample encrypted file and note, which shows the name and payment information.
It detects for more than 250 types of ransomware, and if found they may redirect you to the right direction to decrypt it.
No More Ransom
You would require uploading the encrypted file (not larger than 1 MB) to No More Ransom, and they will advise if there is a solution available to decrypt the file.
However, if you know your PC is infected with the following ransomware, then you may download the decrypting tool.
- Shade
- Rakhni
- WildFire
- Rannon
- CoinVault
- Teslacrypt
- Chimera
Spyware Scanner by Enigma specifically helps you to find if infected with LeChiffre, CryptoLocker ransomware. In the free version, you can scan your PC, and if found, you need to buy the Spyhunter’s malware removal tool.
Trend Micro
You may use Trend Micro’s Screen Unlocker tool if infected with “Lock Screen” malware. There are two scenarios for the lock screen issue.
Blocking normal mode but safe mode with networking still accessible
Blocking both normal and safe mode
If your file is encrypted with the following ransomware, then you may also use Trend Micro’s Ransomware file decryptor.
- Crysis
- Crypt
- TeslaCrypt
- SNSLocker
- 777
- LeChiffre
- Numucod
- Chimera
- MirCop
- Jigsaw
- DXXD
- BadBlock
- Autolocky
- XORIST
- XORBAT
- Stampado
Refer to the official document for a step-by-step guide and updated list of ransomware.
Thor Premium Home
With a twist of unique threat prevention, Thor Premium Home is a wonderful option that’ll help secure your computer. It is all-in-one ransomware and antivirus suite that is known to detect and terminate even the most stubborn viruses and scams.
- A great thing about this solution is that it’s lightweight and ensures an easy installation process. Apart from that, you get all of these amazing features:
- Automatically stops attacks while browsing
- Cleans and prevents any future malwares from your device
- Ensures safe online transactions
- Auto-updates your apps list
- Puts a barrier for data thefts
- And much more!
They have 3 different plans with the entry-level being only $52.46/year for 3 PCs. What’s even better is, they’re offering a 30-day free trial for any of their plans. So, you can try and then buy it.
MalwareBuster
There are times when we don’t even realize that our PC is carrying boatloads of malware. And prolong denial of that fact would mean risking our computers. That’s when this software called MalwareBuster comes to the rescue. It deep-scans your entire system and terminates every single threat that is detected. Not only that, it also blocks new malware that tries to enter your PC.
- In a nutshell, here’s what this software has to offer:
- Elimination of malware
- Removal of ransomware
- Privacy protection
- New-tech automatic cloud definitions for safer browsing
It is priced at a steep $35.99 and comes with a free trial as well.
Avast Premium Security
Avast Premium Security is an all-in-one virus protection software for various devices like computers, mobile, and tablet. With the subscription of this software, you literally won’t ever have to worry about risky online payments, browsing unknown websites, or storing mysterious files on your device. It protects you from all of that by alerting and terminating potential threats.
- Some of the other features include:
- Blocks viruses and suspicious downloads
- Ransomware protected
- Prevents you from visiting dangerous websites
- Makes it tough for others to hack your device
- Disallows access to the webcam for strangers
- And much more!
This software has different plans for different devices and comes with a 30-day free trial period. Be sure to make use of that!
Avast got 11 decryption tools to fight with the ransomware. If your PC is a victim of that ransomware, then don’t pay the money; instead, download and decrypt yourself.
Kaspersky
NoRansom project by Kaspersky has some decryption tools to rescue from ransomware to get your data back.
- Bitcryptor
- Vandev
- Xoris
- CoinVault
- Fury
- Lortok
- Cryakl
- Wildfire
- Shade
- Lamer
- And much more…
As always, there is no guarantee, but you got to try to see if that works for you.
VirusTotal
VirusTotal is one of the most popular services to check your file for all kinds of malware, Trojans, worms, viruses. The maximum file size supported is 128MB.
VirusTotal would be useful to scan any suspicious files.
Emsisoft
Emsisoft got the bunch for decryption tools to help you to recover your files. You can download the one you need without paying the ransom.
- NMoreira
- OzozaLocker
- Globae2
- Globe
- Al-Namrood
- FenixLocker
- Fabiansomware
- Philadelphia
- Stampado
- ApocalypseVM
- HydraCrypt
- DMALocker2
- Gomasom
- LeChiffre
- KeyBTC
- Radamant
- CryptoDefense
McAfee got free decryption tools as well for Shade, Wildfire.
Conclusion
As a best practice, one should always consider backup strategies and use the right antivirus/anti-malware software on your PC. I hope the above services should be able to help you in identifying the ransomware and decrypt the files.