[FIX] Wanna Decryptor Ransomware: Handling and Fixing It as an End User

Terry Prateepavanich
May 14, 2017

As we all know, the Wanna ransomware outbreak, which has kept spreading and has now reached 100 countries including Thailand, is a threat that is very close to home. Just yesterday a friend of mine got hit, so I went in and fixed it for him.

So today I would like to present a fix aimed at ordinary users, so that if you run into it you can help yourself or your friends. I have to say up front that if you have already been hit, you should accept that your files probably cannot be recovered (for now); you will have to wait until a fix is released. I do have a recovery approach to offer, but it may not work for everyone.

We have 3 easy steps (I will explain them in English so that people other than us can use the steps too).

  1. Clean
  2. Protect
  3. Recovery

[Background]

Wanna ransomware only affects the Windows operating system (for now), thanks to the NSA, who released all these exploits to the public a few months ago. Mac users, you might be next, so watch out!

[Symptom]

You will see the screen below popping up at the center of your desktop screen.

And your background will change to something like this too.

And if you see the screen below, please always click NO. There might be a chance to get your files back. But if you happened to click YES, then you will need to wait for the decryptor, which I’m sure someone will release later this year, in order to get your files back.

Click NO to this

Next you will see that all your personal files, including documents and databases, have been changed to a different file type, e.g. business.doc >> changed to >> business.doc.WNCRY

If either of these happens to you, it means you are already infected! There is a cure to get rid of the ransomware, but you still will not be able to get your files back (yet). You will need to wait for someone to release decryptor software for this Wanna ransomware this year.

[What does it do?]

In a nutshell, this ransomware goes through all the files you have personally created and encrypts (locks) them with a complicated password and technique, preventing you from opening them unless you pay the fee. The files are still on your system, but you can’t open them. It can also spread to other systems that have weak security or an outdated version of Windows.

[Step 1. Clean]

I will show you how to clean this ransomware in a very easy way. I have been dealing with a lot of malware, and after some research I found 2 amazing programs that can kill any known malware in the world. These programs are not shareware, there are no ads and no popups, and you can use them for free within the free period (15–30 days). If you like them, purchase them. All you need to do is download, install and run them.

  • Download HitmanPro and Malwarebytes on another system and put them on a flash drive.
  • Run the Malwarebytes installer and finish the installation, then SCAN. It will close down the Wanna ransomware main app and remove everything.
  • Once done, it will ask you to reboot. Skip the reboot and continue with the next installation.
  • Run the HitmanPro installer and finish the installation, then SCAN. Before it eliminates the threat, you might need to enter your email address to activate it first.
  • Once done, you can restart your system, and it should be clean now.
  • The main app will be deleted and you are safe, but you will still need to change the warning background yourself.

[Step 2. Protect]

[Step 3. Recovery]

This is likely to work for people who did not click YES on the 3rd image I shared above. Windows always keeps a backup history of your files, which is called “Volume Shadow Copy”. Yes, this means you can go back in time and restore all the files as they were before they got encrypted with …WNCRY

However, if you already clicked YES, you might not be able to go back in time anymore.

  • Download ShadowExplorer and install it
  • Open the software and choose Drive and Time
  • Now you can select files and folders that you want to recover.
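
To see which folders to look for in ShadowExplorer, and which files are still missing after a restore, the following added example (not part of the original post or of any tool named here) walks a folder and builds a checklist from the .WNCRY names described above. The function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

SUFFIX = ".wncry"  # extension described above (business.doc.WNCRY), lower-cased

def restore_checklist(root):
    """Group encrypted files under root by folder.

    Returns {folder: [(original_name, restored), ...]}, where restored is True
    when a file with the original name is already back beside the locked copy.
    """
    checklist = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        present = {name.lower() for name in files}
        for name in sorted(files):
            # Windows names are case-insensitive, so match in lower case.
            if not name.lower().endswith(SUFFIX) or len(name) == len(SUFFIX):
                continue
            original = name[:-len(SUFFIX)]
            checklist[folder].append((original, original.lower() in present))
    return dict(checklist)

def summarize(checklist):
    """Count locked files, and how many already have a restored original."""
    entries = [e for items in checklist.values() for e in items]
    restored = sum(1 for _name, ok in entries if ok)
    return {"encrypted": len(entries), "restored": restored,
            "pending": len(entries) - restored}

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    for rel in ("docs/business.doc.WNCRY", "docs/report.xlsx.WNCRY",
                "docs/report.xlsx", "photos/trip.jpg.wncry", "notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = restore_checklist(tmp)
        for folder, items in sorted(found.items()):
            for original, ok in items:
                print("restored" if ok else "PENDING ", os.path.join(folder, original))
        print(summarize(found))
```

Point `restore_checklist` at a real folder such as your Documents directory; it only reads file names and changes nothing on disk.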

For those who cannot use ShadowExplorer or can’t find files and folders to recover: do not lose hope. You only need to wait for the official decryptor and your files will be unlocked again.

At this point your system should be clean and updated to protect it against anything. However, you might need to start over for now if you happened to have important files stored on the system. I suggest that from now on you keep a backup system and use it more often, e.g. an external hard disk or Dropbox.

I hope you will find this article helpful and protect yourself from the threat. Feel free to ask if you need advice. Stay safe!

— — — — — — — -

Download all related files here: (I zipped everything here) https://drive.google.com/file/d/0BwW6ZLVuIC2AS3RpeTB6V3hFajg/view?usp=sharing
