Against WannaCry: How to restore or protect your computer from WannaCry ransomwa

Wondershare Recoverit Authors

Jun 29, 2023 • Filed to: Recover Files • Proven solutions

In today's fast-paced world, we rely on technology in more ways than one can imagine. Even though our security protocols have been enhanced in the past, there are plenty of viruses and malware attacks that keep compromising with our security.

Recently, WannaCrypt Ransomware (or WannaCry virus) has made the global headlines for affecting thousands of computers the world over. The malware was discovered on May 12, 2017, and in a matter of a few days, it has created global chaos. They say it is better to be safe than sorry. Just like thousands of other systems, yours can also be affected by WannaCrypt. Therefore, it is better to recover your files beforehand to protect your crucial information from this cyber attack. We have got it all covered in this post.

Part 1 What is WannaCry Ransomware?

A computer virus is one of the most dreadful things for our cybersecurity. The recent malware, that goes by the name of WannaCry cyberattack has already affected more than 200 thousand systems in around 150 countries the world over. This is one of the most massive and widely spread cyberattacks of recent times.

Wannacrypt spreads fast around the world

Since in a matter of a few days, it has affected such a large pool of devices, it is already described as unprecedented by Europol. As it is a Trojan dropper, it keeps spreading to other systems as well.

It was first discovered on May 12, 2017, via an email attachment. Ideally, the virus gains its access to your computer through an email attachment and can spread through your LAN in no time. It also exploits the SMB vulnerability on a system's hard disk. Not just that, it can even spread to almost any computer via the internet (when connected to the same network).

From jpeg to raw and jar to txt, it affects almost every file extension, corrupting your entire system in a few seconds. Therefore, if your system is still safe, you should try to protect it immediately using standard security measures.

Part 2Remove the Wannacry ransomware

If you wish to attain security in your system again, then you got to get rid of the WannaCry Ransomware first. If remained unattended, it can gradually move to your entire storage and affect almost every kind of file you have. Therefore, you need to take extreme measures and that too as fast as you can to remove the malware from the system. Follow these instructions and make sure that you have manually removed it from your system.

Step 1. Use folder options to make every file and folder visible

Since the malware won't be visible at first, you need to ensure that no files are hidden on your system. To do this, you have to visit the "Folder Option" on your system and make all the hidden files visible.

You can get the Folder Options by visiting Control Panel > Appearance & Personalization > Folder Options. Here, in the View tab, you need to check the option of "Show hidden files, folders, and drives". Now, simply apply these settings to make the malware visible.


remove wannacrypt

Step 2. Reboot the PC in Safe Mode

Great! Now when you have completed the first step, you need to start your Windows system in the Safe Mode. To do this, simply restart your system and as it reboots, press the F8 key in intervals of 1 second a few times.

This will provide the advanced boot options to you instead of simply restarting the system the usual way. Using your arrow keys, select "Safe Mode" and press Enter to turn on your system in safe mode.

remove wannacrypt - safe mode

Step 3.Enter Task Manager and terminate all suspicious processes

After entering your system in the safe mode, you got to start the Task Manager. You can do it by pressing Ctrl + Shift + ESC keys at the same time.

You will get a task manager window like this. From here, you have to manually examine any suspicious process that is running on your system. After examining it, simply right-click on it and select "End Process" to terminate it.

Don't refrain yourself and select almost every kind of suspicious process that you might find to get rid of the malware.

Note: You can check all sorts of ransomware processes here:

remove wannacrypt - end suspicious process

Step 4. Prevent the ransomware from booting

Now, to prevent Ransomware from booting, you need to make sure that your system is clean entirely. To do it, you have to remove it using msconfig. Just press Windows + R keys at the same time or open the "Run" prompt manually. Here, type "msconfig" and press enter.

remove wannacrypt - prevent wannacrypt from booting

This will open another window for System Configuration. To make sure you have a smooth booting operation, you have to ensure that the malware has been deleted. Go to the Startup tab and uncheck all the entries that you think are from an unknown manufacturer.

remove wannacrypt - prevent wannacrypt from booting2

After applying these changes, you can restart your system in the normal way. This will ensure that Ransomware has been removed entirely from your system. Now, you can proceed and try to retrieve your data back.

Part 3Decrypt the Ransomware or recover the encrypted files from WannaCry

After removing all the suspicious processes, you can make an effort to decrypt your data. You can try to do it with any leading encryption tool, but the chances of getting fruitful results are quite bleak.

Since WannaCry Ransomware uses the RSA + AES encryption method to encrypt your data files, it is quite tough to decrypt them, even with the assistance of a paid tool.

Nevertheless, you should not get disappointed so soon. WannaCry doesn't directly encrypt the actual file. Instead, it first makes a shadow copy of the file and encrypts its copy. The original files are deleted from your system. While you can't decrypt the copied files, you can still get your deleted files back by taking the assistance of any secure data recovery software.

If you wish to get your originally deleted files, then you can simply use a readily available data recovery application. There are plenty of data recovery tools available, but only a handful of them can let you extensively retrieve your data. We recommend using Recoverit Data Recovery software to get your deleted files back.

It is a risk-free and cost-effective tool that runs on almost every version of Windows. If your system has been recently affected by the WannaCry Ransomware, then you can restore your deleted files using this data recovery tool. The faster you use it, the more effectively you would get your data back. Follow these simple instructions to run the tool.

Your Safe & Reliable File Recovery Software

  • Recover lost or deleted files, photos, audio, music, emails from any storage device effectively, safely and completely.
  • Supports data recovery from recycle bin, hard drive, memory card, flash drive, digital camera, and camcorders.
  • Supports to recover data for sudden deletion, formatting, hard drive corruption, virus attack, system crash under different situations.

Step 1. Select the location where your files have been encrypted by Wannacry

You would be asked to select locations to scan for deleted files. You can simply select the computer hard drive disk. Since Ransomware affects the entire system, you should select a specific disk and click on the "Start" button to commence the recovery process.

restore wannacrypt locked files

Step 2. Restore your files from Wannacry encryption

Wait for a while as the application will scan the deleted files from your system. If your files have been recently affected by the malware, then the recovery tool would be able to restore a substantial amount of data. After completing the recovery process, you will get a screen like this. Your data will be segregated according to its location. To get it back, simply select it and click on the "Recover" button.

recover ransomware locked files

This will let you restore your data. Since you have already gotten rid of the malware, your data won't get affected by it again. Though, your system might be exposed to the same (or any attack) in the future as well. To make sure you don't have the same experience, learn how to take precaution measures in the next section.

Part 4Suggestions for the safety of your computer and mobile phones

With the advancement in technology, the age-old and run of the mill security measures are getting pretty futile. If you wish to protect your computers and mobile phones, then you need to be tech-savvy. If you don't wish your data to be affected by a virus attack like WannaCry Ransomware, then it is important to safeguard your devices. Follow these expert suggestions to keep your data safe.

1. Always backup your data

WannaCry Ransomware is just one example of how dreadful computer malware can be. Therefore, it is always recommended to keep a backup of your data. You can either turn on the automatic backup option on your device or simply take a manual backup of your data promptly.

You can use backup software like Wondershare TunesGo to take a comprehensive backup of your data. With it, you can backup your PC or your mobile phones in no time. It is a complete phone management tool that will help you keep your data protected. It also comes with plenty of other features as well that can make your life a whole lot easier.

2. Stay up to date

We all know that the recent WannaCry Ransomware was able to affect all those Windows systems that were left un-patched. Make sure that your devices are running on updated software and that it doesn't have any vulnerability that can be exploited by an attack.

3. Get anti-virus software

Needless to say, you should install reliable and secure anti-virus software on your system. Not just your PC, you should also install anti-virus software on your mobile phones as well. Additionally, keep updating your anti-virus to keep your system secure.

4. Get data recovery software

In case if your system still gets affected by malware, then you should have a data recovery software already installed. This will come handy to you on numerous occasions. After removing the malware from your system, you can simply run a data recovery application to retrieve the affected data.

Recoverit Data Recovery software is an extremely reliable application that every Windows and Mac user should have installed on their system. You should also have data recovery software by dr.fone to retrieve the deleted data from your mobile phones as well.

We hope that after going through this comprehensive post, you would be able to keep your data safe from WannaCry Ransomware. Follow the above-listed stepwise tutorial to remove the malware from the system and subsequently retrieving your deleted data as well. Additionally, make sure that you follow all the essential measures to keep your data protected from any cyber attack.

If you have any questions about WannaCry Ransomware or are not able to retrieve your data, then feel free to let us know in the comments below. We will surely get back to you, letting you keep your system protected and safe from the malware.

Part 5More information about WannaCry Ransomware: its origin and how it works?

There is no official information regarding the origin of WannaCry as of now. Though, it is named WannaCry or 2.0, which is making everyone believe that it is a second version of the malware. Its predecessor was named as Ransomware WeCry (and demanded 0.1 Bitcoin as ransom). It is confirmed that the attackers used Eternal Blue (Microsoft Windows exploit), which was created by the NSA. The tools were leaked by a group, Shadow Brokers.

about wannacrypt ransomware

Currently, plenty of organizations have been affected by this global cyber attack. It includes plenty of hospitals in the UK, Spanish telecommunication company Telefónica, and even the logistics department of FedEx. This only depicts how powerful the reach of WannaCry Ransomware is.

As stated, it exploits the vulnerability of SMB (Server Message Block) in Windows systems. This is done by the exploit, Eternal Blue that has been stolen by NSA. According to rumors, Eternal Blue was originally a hacking weapon designed by NSA to gain access to Microsoft Windows systems.

WannaCry targets the systems that are not patched for MS-17-010 (which was released by Microsoft in March 2017). If your system is still un-patched, then you are vulnerable to the attack. After being injected, your data will be compromised and you will get a screen like this. It will display a message that to recover your files, you need to transfer Bitcoins to the given account.

Other popular Articles From Wondershare

Recoverit author

Amy Dennis

staff Editor

Home > Resources > Recover Files > Against WannaCry: How to restore or protect your computer from WannaCry ransomwa