Protect Yourself and Report the Latest Frauds, Scams, Spams, Fakes, Identity Theft, Hacks and Hoaxes
May 12, 2017 saw a rapidly spreading ransomware virus, spread by email. If you received the email and clicked on the links, you saw a screen demanding payment of $300 worth of the online currency Bitcoin, and a message saying:
with additional text demanding a payment of $300 in Bitcoin. The ransomware, as this type of malware attack is called, appears to come from as yet unknown hackers who took advantage of a software exploit which was originally developed by the National Security Agency. The ransomware has spread to at least 150 countries, including the UK, Japan, Spain, France, China, Russia and the U.S. Estimates are that over 200,000 computers have been infected.
The ransomware seems to take advantage of a weakness in versions of Microsoft Windows operating systems which are not up to date on security patches. As of May 2017, there have been no reports of it affecting Apple computers, iPads or iPhones, nor Android cell phones.
Make sure your computer's operating system has all current updates and security patches. In Windows,
AND ABOVE ALL:
Make regular backups, of
By far the best way to do this is with a system image. A system image makes a complete backup of all files on a disk, including data, programs and system files. If something happens to your system, or even the C drive fails, you can reset the system and restore everything from the system image, which should be stored on a separate drive from the system drive.
You can make a system image from within Windows 10, in Control Panel. Search there for:
System images are large files, so be sure to have a backup drive (either internal or attached externally) that has a lot of space on it (say at least 250 GB; of course, 500 GB or 1 TB would be better still).
You can find easy-to-follow, complete directions for making system image backups at How-To Geek: How to Make System Images
The best method is to use a professional service or professional software, like MalwareBytes or Symantec Norton Security.
It is critical that you install all available OS updates to prevent getting exploited by the MS17-010 vulnerability. Any systems running a Windows version that did not receive a patch for this vulnerability should be removed from all networks. If your systems have been affected, DOUBLEPULSAR will have also been installed, so this will need to also be removed. A script is available that can remotely detect and remove the DOUBLEPULSAR backdoor. Consumer and business customers of Malwarebytes are protected from this ransomware by the premium version of Malwarebytes and Malwarebytes Endpoint Security, respectively.
Symantec says (May 2017):
Decryption is not available at this time but Symantec is investigating. Symantec does not recommend paying the ransom. Encrypted files should be restored from back-ups where possible.
But Symantec also has a page providing their own detailed removal instructions here.
So, let's be clear; your encrypted files are gone, but you can remove the virus and make your computer safe for use again. Here is how:
For those who feel up to the challenge of going it alone, here are the general directions with links to more details. Encrypted files will have .WCRY appended to the end of the file names. The Trojan then deletes the shadow copies of the encrypted files. The Trojan drops the following files in every folder where files are encrypted: !WannaDecryptor!.exe.lnk and !Please Read Me!.txt.
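A read-only check for the indicators listed above, as an added example that is not part of the original page: it walks a folder tree, flags the `.WCRY` suffix and the two dropped file names, and lists the original file names to restore from backup. The function names, the "confirmed"/"suspect" labels and the sample tree are assumptions made for illustration.

```python
import os
import sys

# Indicators named on this page. Windows file names are case-insensitive,
# so every comparison is done in lower case.
ENCRYPTED_SUFFIX = ".wcry"
DROPPED_FILES = {"!wannadecryptor!.exe.lnk", "!please read me!.txt"}


def scan_tree(root):
    """Return {folder: {"dropped": [...], "restore": [...]}} for folders with hits.

    "restore" holds the original file names (suffix stripped) to pull from backup.
    Nothing is modified or deleted; unreadable folders are skipped by os.walk.
    """
    findings = {}
    for folder, _dirs, files in os.walk(root):
        dropped, restore = [], []
        for name in sorted(files):
            lower = name.lower()
            if lower in DROPPED_FILES:
                dropped.append(name)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                restore.append(name[: -len(ENCRYPTED_SUFFIX)])
        if dropped or restore:
            findings[folder] = {"dropped": dropped, "restore": restore}
    return findings


def verdict(hit):
    """Both indicator types in one folder is strong evidence; one alone needs a look."""
    return "confirmed" if hit["dropped"] and hit["restore"] else "suspect"


def make_sample_tree(root):
    """Constructed sample data: empty files whose names mimic an affected folder."""
    layout = {
        "Documents": ["budget.xlsx.WCRY", "notes.docx.wcry",
                      "!Please Read Me!.txt", "!WannaDecryptor!.exe.lnk"],
        "Pictures": ["holiday.jpg"],
        "Downloads": ["report.pdf.WCRY"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for folder, hit in sorted(scan_tree(start).items()):
        print(verdict(hit), folder, "restore:", hit["restore"], "notes:", hit["dropped"])
```

Run it with the folder to check as the only argument; the "restore" list is the set of files to look for in your backup or system image.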
The Guardian, SlashDot, CNBC and NY Times are reporting that North Korea is behind the WannaCry ransomware. Kaspersky and Symantec both said on Monday that the North Korean cybergang known as Lazarus Group used very similar code in 2015 and in the 2014 attack on Sony Pictures and an $81m heist on a Bangladeshi bank in 2016.
All images and text © Copyright Benivia, LLC 2017