What is virus WannaCry?

At this moment the most rapidly spreading virus consists of two parts: the first attacker part uses an operating system to enter in it, the other part is the encryption that will be downloaded from the Internet after you get into the computer.

The difference from other viruses is that, in ordinary the virus gets into the system because of costumers’ error, for example when they accidentally open some mailed file, or if they go to some links. In case of WannaCry infection can occur independently from the user.

Virus Penetration.

The virus creators use an error in Windows operation system, discovered in May 14, 2017 knowns as "EthernalBlue". The mistake was corrected by refreshing of MS17-010. If you are involved in automatic updating of Windows, your computer is protected from access. But after the renewal, you will not be protected by infecting the virus through the usual way.

As soon as the virus gets into the system, it tries to get into other computers by local area networks, scans their EthernalBlue error, which makes the virus more dangerous for big companies.

The encryption searches the users potentially important files, such as Word, Excel, PowerPoint files, e-mail databases, graphic software files, various database files, video and audio files, the software codes encrypt them, changes their expansion by WCRY, after which they become impossible to open. After the virus changes desktop background, where the information about the computer infection and the operation which will allow the costumer to recover (probably) the access to the files. As a rule, it is necessary to pay a certain amount of money through Bitcoins. For the beginning it is $300, in some cases it was $600. 

The costumer has three days to pay, after it the amount can increase and in 7 days it is impossible to recover the files.

The story of repulse of the first attack.

Malwaretech managed to stop the infection in a simple way: he bought a certain domain name (an obscure address iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com).

As it turned out WannaCry’s several versions applied to this address and in case of its absence the it started operating. Creating this domain name was some kind of suspension button for the virus.

Malwaretech neutralized the spreading of the virus by finding the address and by registering it. Thousands of appeals were reported from the infected computers in a day.

Unfortunately, the new version of the virus was appeared, and it was impossible to stop it by the previous methods, so new waves of distribution are expected.

How to protect ourselves from WannaCry?

There is no way to recover encrypted files. Different company experts are working on creating it. It is very important to protect from the infection.


  1. Update your antivirus database and scan the computer critical areas.
  2. Install the operating system updates.
  3. To create copies of important materials and databases. And upload them on such devices which are not always connected to the computer. For example, Dropbox, Google drive etc.
  4. the virus damages Microsoft Windows operating systems, so if you are using Mac OS or Linux you are protected.