Take a look at the latest news link: http://thehackernews.com/2017/06/wannacry-ransomware-unlock-files.html

The first method is to go look in the Recycle Bin?

Researchers also found that for non-system drives, the WannaCry Ransomware creates a hidden ‘$RECYCLE’ folder and moves original files into this directory after encryption. You can recover those files just by unhiding the ‘$RECYCLE’ folder.

Also, due to “synchronization errors” in WannaCry’s code, in many cases the original files remain in the same directory, making it possible for victims to restore insecurely deleted files using available data recovery software.
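
For the first method, a small Python sketch (added here, not from the article or from wanakiwi) that looks for the `$RECYCLE` folder on the drive roots you pass in, lists what is inside, and can copy the files out so the originals stay untouched. The function names and the drive letters in the usage comment are assumptions for illustration.

```python
import os
import shutil
import stat
import sys
from pathlib import Path

FOLDER_NAME = "$RECYCLE"  # name from the quoted article; the normal bin is "$RECYCLE.BIN"
HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)  # Windows hidden-attribute bit


def find_moved_originals(drive_roots):
    """Map each root that contains FOLDER_NAME to its hidden flag and file list."""
    found = {}
    for root in drive_roots:
        folder = Path(root) / FOLDER_NAME
        if not folder.is_dir():
            continue
        # st_file_attributes only exists on Windows; elsewhere hidden is False.
        attrs = getattr(folder.stat(), "st_file_attributes", 0)
        files = []
        for dirpath, _dirs, names in os.walk(folder):
            for name in names:
                p = Path(dirpath) / name
                files.append((str(p.relative_to(folder)), p.stat().st_size))
        found[str(root)] = {"hidden": bool(attrs & HIDDEN), "files": sorted(files)}
    return found


def copy_out(found, dest):
    """Copy every listed file to dest/<drive label>/..., leaving the source untouched."""
    copied = 0
    for root, info in found.items():
        label = Path(root).drive.rstrip(":") or Path(root).name or "root"
        for rel, _size in info["files"]:
            target = Path(dest) / label / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(Path(root) / FOLDER_NAME / rel, target)
            copied += 1
    return copied


if __name__ == "__main__":
    # Usage (drive letters are examples): python script.py D:/ E:/
    report = find_moved_originals(sys.argv[1:])
    for root, info in report.items():
        print(root, "hidden" if info["hidden"] else "visible", len(info["files"]), "files")
        for rel, size in info["files"]:
            print("   ", rel, size)
```

Copy to a different disk (for example a USB drive) rather than back onto the affected one.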

The second method is to download the program from https://github.com/gentilkiwi/wanakiwi/releases

Wanakiwi needs access to malware’s memory. So it needs to be run on the infected machine, with the malware running (before restarting the machine)

It says it only works before the machine is rebooted @@

Anyway, just be careful, and then be careful some more..

It's still safer to close port 445


tasksche.exe and mssecsvc.exe are the virus....

And at boot time it keeps sending packets out


Each file is roughly 100 MB or more, so pick the one for your own OS version

 

Windows 7 x64