Ransom.WannaCrypt is a self-propagating ransomware that encrypts files on affected systems. It appends the .WCRY extension to the files it encrypts and demands a $300 or $600 ransom in Bitcoin for decryption.
It can also communicate with its command-and-control (C&C) server via encrypted Tor channels.
Common infection method
Ransom.WannaCrypt, unlike most ransomware, is not distributed via an email spam campaign. It is spread by taking advantage of a vulnerability in Microsoft’s Server Message Block (SMB) protocol known as EternalBlue.
- Update Windows to patch the SMB vulnerability
- Update your Malwarebytes product
Malwarebytes can remove Ransom.WannaCrypt without further user interaction, but it cannot decrypt the encrypted files.
A third-party decryptor for Ransom.WannaCrypt, known as Wanakiwi, is available for download.
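Because encrypted files carry the .WCRY extension and removal does not decrypt them, a responder usually needs to know which folders were hit before restoring from backup. The script below is an added example, not part of the original page or any Malwarebytes code: it counts .WCRY files per directory and reports the oldest one. The function names and the sample tree are constructed for illustration, and it assumes file modification times were not altered after encryption.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER_EXT = ".wcry"  # extension named on this page; matched case-insensitively


def inventory_encrypted(root):
    """Count files ending in .WCRY under root, per directory, and find the oldest."""
    per_dir, earliest, unreadable = Counter(), None, []
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: unreadable.append(e.filename)):
        for name in filenames:
            if not name.lower().endswith(MARKER_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime  # lstat: do not follow symlinks
            except OSError:
                unreadable.append(path)
                continue
            per_dir[dirpath] += 1
            if earliest is None or mtime < earliest[0]:
                earliest = (mtime, path)  # approximates when encryption started (assumption)
    return {"total": sum(per_dir.values()), "per_dir": dict(per_dir),
            "earliest": earliest, "unreadable": unreadable}


def build_sample_tree(root):
    """Constructed sample data: three marked files and one untouched file."""
    files = {"finance/q1.xlsx.WCRY": 1494580000, "finance/q2.xlsx.wcry": 1494580120,
             "hr/handbook.pdf.WCRY": 1494579900, "hr/readme.txt": 1494000000}
    for rel, mtime in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = inventory_encrypted(tmp)
        print("marked files:", report["total"])
        for d, n in sorted(report["per_dir"].items()):
            print(f"{n:5d}  {d}")
        ts, path = report["earliest"]
        print("oldest:", path, datetime.fromtimestamp(ts, timezone.utc).isoformat())
```

Paths listed under "unreadable" were not inspected, so the count there is a floor, not a total.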