WannaSmile – A simple tool to protect yourself from WannaCry Ransomware

WannaCry Ransomware is spreading like wild fire. It uses vulnerability in Microsoft’s SMB ( which is turned on by default ).

Here is a detailed article about the Ransomware :  How to protect yourself from WannaCry Ransomware 

On 13th may 2017 , security researcher going with the handle @malwaretech and Darien Huss found a ‘kill-switch’ which paused the ransomware. Basically the ransomware opens a unregistered domain and if fail to open then the system is infected. So @malwaretech registered the domain which stopped the ransomware.

Soon Cyber criminals around the world DDOSed it to take it down so that the ransomware can continue affecting.

Also the ‘kill-switch’ won’t work if :

  • System is not connected to internet
  • If the ‘kill-switch’ domain is down
  • If it is blocked by the isp or firewall

 

Also ISPs and security companies need to stop trying to block the domain. It has to resolve AND connect successfully to kill the malware…

— MalwareTech (@MalwareTechBlog) May 14, 2017

 

The solution

WannaSmile is a simple program created by me and my friend Hrishikesh Barman.

Here is the link to the Repo : WannaSmile 

WannaSmile obtained the
100% Clean Softpedia Award

It can do the following :

  • It will disable SMB in your system ( which is enabled by default )
  • ( OnlineFix ) It will edit your host file and add google’s IP to the ‘kill-switch’ ( which means even if the site goes down you wont be affected )
  • ( OfflineFix ) It will create a lightweight local web server and add localhost to ‘Kill-switch’

 

Offline fix for WannaCry

Runs a local server and localhost to the wannaCry kill-switch by appending hosts file. This is done so that when the ransomware tried to connect to the website it does not fail which will eventually stop the ransomware.

Instructions

1. Install the wannaSmile service by running the setup.exe from this release. (Download the wannasmile.zip file)

2. After Installing you need to start the service once and then it will do the rest automatically

To do that

  • Open start menu
  • Search services
  • Open the Services desktop app (a gear icon)
  • Inside Services search for WannaSmile (The list is alphabatical)
  • right click on WannaSmile and click start

The service will be running and the wanna cry IPs will be blocked along with the SMBs

WannaSmile – OnlineFix 

How to run

You directly run the .exe file and it will do the magic. ( Run as Administrator ). If you don’t trust our .exe file then you yourself can compile and run it.

Tip

  •     Use the OnlineFix if you are always connected to the internet
  •     Use the OfflineFix if you are not connected to the internet.

 

Note : For a permanent fix, PLEASE UPDATE YOUR WINDOWS ASAP TO PATCH (MS17-010)

 

Media Coverage

1. The hacker news
2. The Economic Times
Got featured by The Economic Times newspaper in all the 24 editions

3. Softpedia

Link : WannaSmile Protects Windows Users Against WannaCry