Tutorial How to block WannaCry Ransomware

WinXPert

Level 24
Verified
AV-Tester
Joined
Jan 9, 2013
Messages
1,359
OS
Windows 7
Antivirus
Qihoo 360
#1
Here is a simple procedure to block WannaCry. Not the most elegant approach but just the basics. This is based on the wcry2 sample at the HUB. I wish I have different variants to test this procedure.

I'll be using RunBlock. It's a portable freeware.

  • Extract RunBlock_v1.3_2.zip and run RunBlock.exe

srb.jpg


  • Select option 2
  • Next click the + icon and add the following four files, or simply drag and drop those files.
  • Chances are you still don't have these files on your system. So we make dummy files.
  • Copy any small file in your desktop and create 3 more copies and rename them as:
    • @WannaDecryptor@.exe
    • taskdl.exe
    • taskse.exe
    • wcry2.exe
  • Drag and drop these files to RunBlock
  • Click the + icon or save your settings when you exit.
This will work as long as wcry2 uses the same filenames.

Running the sample and it works.

wc.jpg