Monday, May 15, 2017

Possible Way To Fight Back WannaCry Ransomware

In the last post, we showed the steps to follow in order to prevent a ransomware attack (see the previous post: http://www.edison-newworld.com/2017/05/ransomware-exploiting-nsa-tools.html).
In this post, we move one step further in fighting this ransomware (WannaCry).
WannaCry Ransomware
Our researcher collected the ransomware sample (WannaCry variants) and executed it in a controlled environment. It clearly showed the file-encryption behaviour and the demand for bitcoins. We tested a few decryption routines, without success. Today, we got an open-source vaccine for the WannaCry ransomware. The tool is called WannaCry Vaccine Tool.

WannaCry Vaccine Tool
This vaccine tool was created to prevent WannaCry infection. The catch is that the tool needs to be executed on the system first, so that it can stop the WannaCry ransomware variant. Once installed, the WannaCry Vaccine Tool prevents the system from being affected by the WannaCry ransomware.

Tested by our researcher
Our researcher ran this vaccine tool in a Windows XP environment and a Windows 7 environment (these two environments are attacked in the wild by the WannaCry ransomware). After executing the vaccine tool, our researcher executed the malware (WannaCry). It dropped the encryptor files and other handles, but this time no files were encrypted. No infection was found. The vaccine actually stops the encryption of files on the system.

If you want these files on your system, please check the following GitHub link:

Trustlook WannaCry Toolkit
  • Please check the Python tool, the WannaCry Ransomware scanner tool, and use it to scan for the presence of the WannaCry ransomware.
  • The WannaCry vaccine tool is used to prevent the ransomware from encrypting files, so it cannot demand a ransom.
  • Most important of all, apply the security patch from Microsoft.
