Here is a simple procedure to block WannaCry. Not the most elegant approach but just the basics. This is based on the wcry2 sample at the HUB. I wish I had different variants to test this procedure.

I'll be using RunBlock. It's portable freeware.

  • Extract and run RunBlock.exe
  • Select option 2
  • Next click the + icon and add the following four files, or simply drag and drop those files.
  • Chances are you still don't have these files on your system. So we make dummy files.
  • Copy any small file on your desktop and create 3 more copies and rename them as:
    • @WannaDecryptor@.exe
    • taskdl.exe
    • taskse.exe
    • wcry2.exe
  • Drag and drop these files to RunBlock
  • Click the + icon or save your settings when you exit.
This will work as long as wcry2 uses the same filenames.

Ran the sample, and it works.
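
The same file-name matching can be used to audit a folder, or a list of logged process paths, for the four names above. This is an added example, not part of the original post and not RunBlock's code; `is_blocked`, `sweep` and `demo` are hypothetical helper names, and the sample tree is built from empty placeholder files.

```python
import os
import tempfile

# File names listed in the post above, stored lower-case because
# Windows compares file names case-insensitively.
BLOCKED_NAMES = {"@wannadecryptor@.exe", "taskdl.exe", "taskse.exe", "wcry2.exe"}


def is_blocked(path):
    """True if the file-name component of `path` is on the block list."""
    # Accept both Windows and POSIX separators so logged paths can be checked anywhere.
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.casefold() in BLOCKED_NAMES


def sweep(root):
    """Return the sorted paths under `root` whose file name is on the block list."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if is_blocked(f))
    return sorted(hits)


def demo():
    # Constructed sample tree: empty placeholder files, no real samples involved.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Users", "a", "Desktop"))
        for rel in ("Users/a/Desktop/TASKDL.EXE", "Users/a/notes.txt", "wcry2.exe.bak"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in sweep(root)]


if __name__ == "__main__":
    print(demo())
```

Only the exact name is matched, whatever its case or folder, so `wcry2.exe.bak` in the sample tree is not reported.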