The malware is delivered as a Trojan through a loaded hyperlink that can be accidentally opened by a victim through an email, advert on a webpage or a Dropbox link. Once it has been activated, the program spreads through the computer and locks all the files with the same encryption used for instant messages. Once the files have been encrypted it deletes the originals and delivers a ransom note in the form of a readme file. It also changes the victim’s wallpaper to a message demanding payment to return the files.
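The sequence described above (write an encrypted copy, delete the original, drop a readme note) is visible in file-activity telemetry. The following Python detection logic is an added example, not part of the original article; the event format, process ids, paths and the ".locked" suffix are constructed assumptions.

```python
from collections import defaultdict
from ntpath import basename

# Constructed sample file-activity events: (time_s, pid, action, path).
# Paths, pids and the ".locked" suffix are made up for illustration.
SAMPLE_EVENTS = [
    (0.0, 412, "write",  r"C:\Users\a\Docs\notes.txt"),           # normal save
    (1.0, 977, "write",  r"C:\Users\a\Docs\report.docx.locked"),
    (1.1, 977, "delete", r"C:\Users\a\Docs\report.docx"),
    (1.4, 977, "write",  r"C:\Users\a\Docs\budget.xlsx.locked"),
    (1.5, 977, "delete", r"C:\Users\a\Docs\budget.xlsx"),
    (1.9, 977, "write",  r"C:\Users\a\Pics\cat.jpg.locked"),
    (2.0, 977, "delete", r"C:\Users\a\Pics\cat.jpg"),
    (2.2, 977, "write",  r"C:\Users\a\Docs\README.txt"),          # readme note
    (3.0, 530, "write",  r"C:\Users\a\Temp\build.o"),
    (3.1, 530, "delete", r"C:\Users\a\Temp\build.c.tmp"),         # unrelated cleanup
]


def suspicious_pids(events, min_replaced=3, window_s=5.0):
    """Return pids that replaced >= min_replaced files and dropped a readme."""
    recent_writes = defaultdict(list)   # pid -> [(time, lowercased path)]
    replaced = defaultdict(int)         # pid -> originals deleted after a copy was written
    dropped_note = set()                # pids that created a readme-style file

    for t, pid, action, path in sorted(events):
        name = basename(path).lower()
        if action == "write":
            recent_writes[pid].append((t, path.lower()))
            if name.startswith("readme"):
                dropped_note.add(pid)
        elif action == "delete":
            # Original deleted shortly after the same process wrote
            # "<original>.<something>" in the same directory.
            prefix = path.lower() + "."
            if any(t - wt <= window_s and wp.startswith(prefix)
                   for wt, wp in recent_writes[pid]):
                replaced[pid] += 1

    # Require both signals: mass replacement and a dropped note.
    return sorted(p for p, n in replaced.items()
                  if n >= min_replaced and p in dropped_note)


if __name__ == "__main__":
    print(suspicious_pids(SAMPLE_EVENTS))
```

Requiring both signals keeps ordinary save-and-cleanup activity, such as the build process in the sample, from being flagged.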
How can you remove it?
Not by paying the ransom.
Security experts point out that some antivirus software is capable of catching the Wanna Decryptor virus.
“This particular ransomware is correctly identified and blocked by 30% of the AV vendors using current virus definitions. It is correctly handled by both Kaspersky and BitDefender,” said Phil Richards, the CISO at Ivanti.
“There is no public decryption (crack code) available at present.
“This malware modifies files in the /Windows and /windows/system32 directories and enumerates other users on the network to infect. Both of these actions require administrative privileges.”
SOLUTIONS
- Back up your files regularly
- Update your systems
- Use an antivirus and update its database daily
- Don’t open malicious emails, links or attachments