How to detect and decrypt WannaCry Ransomware

How to detect and decrypt WannaCry Ransomware

[vc_row type=”in_container” full_screen_row_position=”middle” scene_position=”center” text_color=”dark” text_align=”left” overlay_strength=”0.3″][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_shadow=”none” width=”2/3″ tablet_text_alignment=”default” phone_text_alignment=”default” column_border_width=”none” column_border_style=”solid”]

How to scan ransomware WannaCry and How to decrypt the files – Here the solutions

WannaCry Ransomware Scanner Tool

The Wannacry Scanner can help system admin to scan your network looking for vulnerable windows systems, the tool is under “scanner” directory.

Installation:

git clone https://github.com/apkjet/TrustlookWannaCryToolkit.git cd TrustlookWannaCryToolkit/scanner/ pip install -r requirements.txt

Usage:

Usage: wannacry_tlscan.py host/network Example: wannacry_tlscan.py 192.168.0.100 wannacry_tlscan.py 192.168.0.0/24 Single host scan wannacry_tlscan.py 192.168.0.100 Single a network wannacry_tlscan.py 192.168.0.0/24

WannaCry Vaccine Tool

The WannaCry Vaccine Tool help user to prevent your system from being affected by WannaCry Ransomeware.

tl_wannacry_console.exe and tl_wannacry_no_console.exe prevent WannaCry Ransomeware to encrypt user’s files.

The two tools works pretty much the same, except tl_wannacry_console.exe comes with a console to show some progress information. tl_wannacry_no_console.exe runs in background.

Users may want to add tl__wannacry_no_console.exe to Windows startup script, so everytime user start his computer, Trustlook WannaCry Vaccine Tool will start prevent your system from being affected.

And the better good news is this, now you can restore your files if you were affected by WannaCry (or almost) thanks to Movistar, the first company affected by it

The tool is named ‘Telefónica WannaCry File Restore‘ and consists of a PowerShell script that will allow us to recover and restore temporary files with extension ‘WNCRYPT‘, which were created during the attack.

Note that this tool only works if the ransomware process is not finished, which is when the files are still encrypted and the temporary copy has not been deleted. Another important point to mention is that it is an Alpha version, which needs some computer skills to get it going. Here Chema Alonso mentions that they are already working on an executable version for Windows that will be released in the next few days.

You can find all the details of it on the blog (in Spanish) of Alonso Chema, the white hat that protect Movistar. And here you can download the script to fix the files.

 

Video step by step – How to do it

how to, solve, fix, restart, restore, wannacry, wanna, cry, cry, ransomware, malware, virus, movistar, script, learn, learning, the best security practice, ethical hacking, IT, Admin, Administrator, Server, User, Kali Linux, Phone, Download, Blog, WordPress, Free, Lab, Pentest, Pentester

[/vc_column][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_shadow=”none” width=”1/3″ tablet_text_alignment=”default” phone_text_alignment=”default” column_border_width=”none” column_border_style=”solid” offset=”vc_hidden-md vc_hidden-sm vc_hidden-xs”]
[image_with_animation image_url=”6351″ alignment=”center” animation=”Fade In” box_shadow=”none” max_width=”100%” delay=”300″][team_member image_url=”1722″ team_memeber_style=”meta_below” link_element=”none” color=”Accent-Color” name=”Daniel Morales” job_position=”Writer”][/vc_column][/vc_row][vc_row type=”full_width_background” full_screen_row_position=”middle” bg_color=”#f9f9f9″ scene_position=”center” text_color=”dark” text_align=”left” top_padding=”4%” bottom_padding=”3%” overlay_strength=”0.3″][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_shadow=”none” width=”1/1″ tablet_text_alignment=”default” phone_text_alignment=”default” column_border_width=”none” column_border_style=”solid”][recent_posts style=”default” category=”all” columns=”3″ title_labels=”true” posts_per_page=”3″][/vc_column][/vc_row]

Share it:

Leave a Reply

Your email address will not be published. Required fields are marked *