The virus – extortionist WannaCry attacked on May 12, Friday more than 75,000 computers around the world. In general, large companies, organizations, transport companies, medical and educational institutions were affected, even the Ministry of the Interior of the Russian Federation WannaCry did not ignore. At the moment, more than 300,000 computers have been affected in more than 100 countries. WanaCrypt0r 2.0, or as it is also called ” WannaCryOnce inside the system, the virus scans the disks and network folders for files with certain extensions (over 160) and encrypts them by adding the .WNCRY extension, then the worm’s functions are connected – the distribution itself, WannaCry scans the available ip addresses on the 445 port and is distributed over the local network.This encryptor is removed as well as other encoders – the hard drives, logging in through the “safe mode”, cleaning up the startup and registry, physically deleting the virus files, deleting unnecessary entries from the C: \ Windows \ System32 \ drivers \ etc \ hosts.But if you see on your monitor a typical window WannaCry, requiring you to send $ 300 to the bitcoin purse, in no way in a hurry to shut down or restart the computer, there is a chance to decrypt the files!
When launched, Wanakiwi automatically searches for processes such as:
But if in your case the name of the process differs from the standard one, then Wanakiwi can be started through the cmd console with pid or process parameters , clearly indicating the program with which process to work: