How To Remove / Fix WannaCry Ransomware After The Cyberattack

Updated on

If you have been watching the news over the past 24-hours, you will know that 74-countries across the globe have been hit by what seems like a coordinated ransomware cyber attack. This unparalleled assault has locked many institutions and their employee’s out of sensitive files. With the NHS (National Health Service) in the UK, being one of the most affected. Called WannaCry, this new strain of virus Ransom.CryptXXX seems to have targetted Europe more than anywhere else. However, reports indicate that does not mean it’s not severe elsewhere. Here’s what you need to know about it, including how to remove, protect against it, and other tips.

WannaCry ransomware cyberattack how to

WannaCry Questions Answered

If you’re unfamiliar with what is still a breaking story, a little background into what this ransomware can do is in order. If infected, WannaCry encrypts the data files on your computer and asks for a fee to unlock them. Usually, this fee is $300 USD (£232 GBP); however, it requires that this payment is made in Bitcoins. This requirement is to enable the payment system, or the inevitable recipient of the money to not be traced.

Furthermore, if a victim decides, that he/she will not pay up, the amount requested will double after three days. After that, if no Bitcoin payment is received the illegally encrypted files will be deleted. Ironically, along with WannaCry comes a read Me text file. In which details are given on how to and what happens next. Do Not Pay!

Now, if you or your organization have yet to be infected by this ransomware cyberattack, here are a few tips worth reading.

How To Protect Yourself Against The Ransomware CyberAttack

Unfortunately, right now it is proving particularly challenging to decrypt infected files. However, one of the world leaders in Cybersecurity Symantec is looking into a way to do so easily.

If you or your organization have not been a victim of this WannaCry cyberattack, please do the following now:

1. Always keep your Anti-virus and Firewall software’s up to date to protect yourself against Ransomware and other attacks.

2. Your computer’s operating system should be regularly updated. Software updates will include new patches and enable you to avoid vulnerabilities exploited by hackers.

3. Be aware that emails are one primary way in which WannaCry and those like it infect computers. If you receive an unexpected email, do not click links, or open attachments.

4. Immediately backing up all your data is the most important thing you can do right now. If you do so, this will prevent this ransomware from having a hold on you should it infect your computer. Additionally, it’s advised that these backup be stored on a server, external storage device, or some other means that does not have access to the internet.

As for removing WannaCry, you need to enter Safe Mode to do this, here’s how.

How to enter Safe Mode to remove the WannaCry ransomware and Cyberattack
barek2marcin / Pixabay

How To Enter Safe Mode

The following information is based on our research; however, we can Not Guarantee that WannaCry will be removed from you Windows PC.

However, there have been reports that the SpyHunter software does indeed manage the threat effectively.Although it will require you to purchase it, the free version will only inform you if you are infected.

As for the following tutorial, we advise that you either bookmark this page or read it on another device. Why? Because during the guide, you may need to exit your browser.

1. The first thing you need to do is enter Safe Mode. Here is how to do that for Windows XP/7, 8/8.1, and 10.

Windows XP and 7: Before Windows starts Hit The F8 Key. Once the Boot Menu appears look for and select Safe Mode with Networking, followed by tapping Enter</strong.

Windows 8 and 8.1: Go to the Start Menu >> Control Panel, followed by Administrative Tools >> System Configuration. Next find and tick Safe Boot and then select Networking followed by Restart. Your computer should now boot into Safe Mode.

Windows 10: Go to Start Menu >> Settings >> Update and Security >> Recovery Next under Advanced Startup click on Restart Now and allow your computer to restart.

When the Choose Option Screen is available, go to Troubleshoot >> Advanced Options >> StartupSettings. And then Enable Safe Mode with Networking Option followed by selecting Enter to boot into Safe Mode.

Note: Depending on your computer, there’s always the chance that some key other than F8 is the Boot Key, If that is so, look for advice from the manufacturer’s literature or online.

How to remove wannacry ransomware after the cyberattack

How To Remove WannaCry

As with all tutorials, please read each step individually, and only act upon it when understood.

Removing Processes

2. This next requires that you look for processes which may relate to the WannaCry ransomware. To start doing so, press Ctrl + Shift + Esc, this will open Task Manager. After which you should look through the Processes Tab carefully for unfamiliar entries.

Usually, a malicious process will consume large amounts of resources, such as CPU and RAM. If you discover something which looks out of the ordinary, Right Click and Open The File. Next Delete everything. Only do this if you are sure that the process is WannaCry related.


3. Now, we’re going to look in Startup Programs, to do so, type System Configuration into the Windows Search Bar. Followed by slecting the First Result, and then going to the Startup Tab and taking a look at the list of programs.

If you are a Windows 10 user, it’s Startup Programs can be seen in Task Manager. However, on all versions of Windows, if you feel that any have an unknown developer or just look wrong uncheck them and Click OK.

The Resistry

4. Next we’re going to take a look at the registry, to do that you need to open the Run Window, or press WinKey + R. Followed by typing regedit and hitting enter.

When the registry editor launches, press Ctrl +-F</em and type the name of the Virus Ransom.CryptXXX or WannaCry. Now, slect Find Next and remove whatever is returned that relates to that name. This should be completed for all the search results.

Virus Files

5. Finally, you need to delete other potential Virus Files, this can be done by going to the Start Menu. And then individually typing the following: %AppData%, %LocalAppData%, %ProgramData%, %WinDir%, %Temp%.

When each opens sort their content folders By Date and Delete The Most Recent folders and files. Furthermore, when you access the Temp folder remove everything from it.

Final Thoughts

In this article, we’ve shown you how to protect yourself from this severe ransomware cyberattack. As for how to remove WannaCry, the above is not 100% guaranteed to do so, yes, it may negate some of the problems it causes. However, we prefer not to promise anything, instead, update your computer, antivirus, and firewall, plus complete the tutorial now.

Leave a Comment