How to block WannaCry Ransomware

Discussion in 'Tutorials & Guides' started by WinXPert, May 14, 2017.

  1. WinXPert

    WinXPert Level 24
    Trusted AV Tester

    Jan 9, 2013
    1,327
    4,897
    Graphic Artist
    Manila
    Windows 7
    Emsisoft
    Here is a simple procedure to block WannaCry. Not the most elegant approach but just the basics. This is based on the wcry2 sample at the HUB. I wish I have different variants to test this procedure.

    I'll be using RunBlock. It's a portable freeware.

    • Extract RunBlock_v1.3_2.zip and run RunBlock.exe

    srb.jpg

    • Select option 2
    • Next click the + icon and add the following four files, or simply drag and drop those files.
    • Chances are you still don't have these files on your system. So we make dummy files.
    • Copy any small file in your desktop and create 3 more copies and rename them as:
      • @WannaDecryptor@.exe
      • taskdl.exe
      • taskse.exe
      • wcry2.exe
    • Drag and drop these files to RunBlock
    • Click the + icon or save your settings when you exit.
    This will work as long as wcry2 uses the same filenames.

    Running the sample and it works.

    wc.jpg
     
  2. kamran1980

    kamran1980 New Member

    May 16, 2017
    2
    1
    VENUS
    Other OS
    Isolation
    thanks
     
    WinXPert likes this.
Loading...