> How to > Todo Backup Resource > WannaCrypt Ransomware Attacks: How to Protect & Recover Your Data

WannaCrypt Ransomware Attacks: How to Protect & Recover Your Data

Updated on Dec 28, 2018 by Abby Haines to Todo Backup Resource

WannaCrypt Ransomware is coming and spreading rapidly! This page is written to tell you how to protect personal data from WannaCrypt Infection and how to recover WannaCrypt encrypted files. It is helpful for both infected users and users who stay safe now.

On 12 May 2017, the new WannaCry Ransomware, also called WannaCry, WanaCrypt0r or Wcrypt attacked and spread rapidly worldwide. It ripped through computers and encrypted users' data. And next, it asked for the decryption key starts with $300 Bitcoin which increases after every few hours.

WannaCry Ransomware
Now it has affected hundreds of thousands of Windows computers in various countries including Britain, the United States, China, Russia, Spain, Italy, etc. And the victims are increasing! Maybe you are the next one!  In view of this, in this page, we talk about:

  • How to recover WannaCrypt encrypted data - for infected users
  • How to avoid WannaCrypt Infection and protect your data - for users who stay safe now

Part 1. Try EaseUS free recovery software to check if it helps to recover WannaCrypt encrypted data

Download and install EaseUS free data recovery software on your PC. 

On the main Windows, select the disk where used to save the encrypted files and click Scan button. After the scan is over, select the wanted files and click the Recover button.

choose a location and scan

How does WannaCrypt Ransomware work to encrypt your data?

When WannaCrypt Ransomware gets into your PC, it will search the whole computer for pictures, videos, documents and other types of files, make a copy, then deleted the original files, and finally, encrypted the copied files with an ".WNCRY" extension.

It is how WannaCrypt Ransomware works to encrypted your data. And precisely because of this, there is a small chance for EaseUS free data recovery software to find and retrieve the encrypted data from the deleted original files. But note that it might not recover all your files!

Part 2. How to avoid WannaCrypt Infection and protect your data

If you are the lucky ones who still stay safe, congratulations! Here, we offer some useful tips to help you protect your PC & data from infecting with the WannaCrypt Ransomware. Hope it is helpful! 

1. Regular backup your PC hard drive data

WannaCrypt uses a protocol called Server Message Block (SMB) which Windows uses to connect machines to file systems over a network. This fact puts businesses at greater risk than individuals! So, please take care! Backup is the best way to keep you safe!

1) Download and install EaseUS free backup software, on the main windows, click "Disk/Partition Backup" option.

2) Choose the PC hard drive as a source disk and then click "Destination" to select a storage location to save the backup image.

Important Note: Here, please choose to save the backup file to an external storage device other than on your PC in case the image file be encrypted by the WannaCrypt Ransomwarewareware in the future.

3) Click "Proceed" to backup your PC hard drive data.

Backup data to avoid WannaCrypt Infection

2. Install the latest Security Update MS17-010

WannaCrypt spreads incredibly rapid benefits from a networking vulnerability of Windows system. Even Microsoft had patched it with MS17-010 Security Update in March, but not everyone installs it in time. If you are one of the users, now, it's time to install the latest Security Update to avoid the Ransomwarewareware.

MS17-010 Security Update: 


MS17-010 Security Update is available for: 

Windows Server 2016, Windows 10, Windows Server 2012 R2, Windows Server 2012, Windows RT 8.1, Windows 8.1, Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista.

And for Windows 2003 and XP, there is no official Security Update. So we recommend you to upgrade to Windows 10 or any other versions that patched for MS17-010 ASAP. 

3. Shut down 445, 135, 137, 138, 139 ports 

WannaCrypt is infecting from machine to machine through the network port of Microsoft's Windows operating system like 445, 135, 137, 138, 139 that with high risks and network sharing. So, to avoid the Ransomwarewareware, we recommend you to: 

Enable Windows firewall, firewall off SMB ports 445, 135, 137, 138 and 139 from the outside world, and restrict access to the service where possible on internal networks.

4. Install the latest Windows Defender Antivirus 

Microsoft released an update of Windows Defender detects WannaCrypt as Ransom:Win32/WannaCrypt, so install the latest version of this antivirus, enable and run it to detect this ransomware.

5. Be extremely careful while opening the email attachments or clicking on web-links.