What is WannaCry Ransomware?
It's a program that encrypts all the files on your computer and then shows a popup asking for a lot of money (usually $300-600). If you get this on your system, you may want to cry, hence the name. It is also sometimes referred to as WannaCryptor or WCry. And since the attackers ask for the ransom in Bitcoin (which can easily be made untraceable), there is no way to track the culprit. Note: You can still use your machine even if it's encrypted by WannaCry. Your data is probably gone, but once you format your drive, you are good to go.
Image credit: Talos, who has explained the technical aspects of WannaCry in detail.
How much is the Ransom amount?
WannaCry demands a ransom of $300 in bitcoins. If the user doesn't pay the ransom within three days, the amount doubles to $600. And if you don't make the payment within seven days, WannaCry will delete all of the files. There is no way to get the data back after that.
Why did WanaCrypt ransomware spread so quickly?
Like I said earlier, ransomware is not new. Microsoft detected this way back in March 2017 and released the patch for the vulnerabilities in SMBv1 at the same time. However, these patches were for the fairly newer versions of Windows, like Windows 7, 8, 10 or Windows Server 2008. If you keep your Windows updated, chances are you already have the patch. However, there are many organizations, like government hospitals and old businesses, running older and unsupported versions of Windows such as Windows XP and Windows 3.0. Since Microsoft no longer supports these versions, patches were not released for them.
Who is infected?
Anybody who is running Windows on their computer, both consumer and server versions. But since Microsoft released patches way back in March, most home users are safe from WannaCry (provided they have installed the updates). The big majority of people infected by WannaCry are those running an older version of Windows like Windows XP. These are usually government hospitals and old businesses that haven't updated their systems for ages. And trust me, there are a lot of them all over the world. Also, from the hackers' point of view, it makes sense to target businesses rather than home users, since businesses have far more valuable data that they will be willing to pay to get back. For instance, here in India, according to Live Mint, 120 Gujarat government computers were affected by the WannaCry virus.
Image credit: Countries initially affected in WannaCry ransomware
What is the WannaCry kill switch?
You might have heard people saying, 'A kill switch is slowing the spread of WannaCry ransomware.' Well, a kill switch is a piece of code in software that, when activated, will kill the program. According to this PCWorld article: "Wana Decryptor infects systems through a malicious program that first tries to connect to an unregistered web domain. The kill switch appears to work like this: If the malicious program can’t connect to the domain, it’ll proceed with the infection. If the connection succeeds, the program will stop the attack."
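For defenders, the kill-switch behaviour quoted above means that a DNS lookup of that domain is itself a sign the program ran on a host. The following is an added example, not code from the original article or from PCWorld, that triages a resolver log on that basis; the domain is a placeholder, and the log format and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Placeholder, NOT the real indicator: substitute the domain from your threat-intel feed.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log: timestamp, client IP, queried name, response code.
SAMPLE_LOG = """\
2017-05-12T08:01:14Z 10.0.4.21 killswitch-placeholder.example NXDOMAIN
2017-05-12T08:01:15Z 10.0.4.33 www.example.org NOERROR
2017-05-12T09:47:02Z 10.0.7.8 killswitch-placeholder.example NOERROR
2017-05-12T09:47:05Z 10.0.4.21 KILLSWITCH-PLACEHOLDER.EXAMPLE. NXDOMAIN
malformed line
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch domain to a triage status.

    "lookup-failed": at least one lookup did not resolve, so the connection
        could not have succeeded and, per the behaviour described above,
        the program would have proceeded. Isolate these hosts first.
    "resolved": every lookup resolved, so the kill switch may have stopped
        the attack. Resolution does not prove the connection succeeded
        (a proxy or firewall can still block it), and the host still ran
        the program, so it needs investigation too.
    """
    target = domain.lower().rstrip(".")
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines
        _timestamp, client, qname, rcode = parts
        # DNS names are case-insensitive and may carry a trailing root dot.
        if qname.lower().rstrip(".") == target:
            seen[client].append(rcode.upper())
    return {
        client: "lookup-failed" if any(rc != "NOERROR" for rc in rcodes) else "resolved"
        for client, rcodes in seen.items()
    }


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_LOG).items()):
        print(host, status)
```
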
Where does it come from?
There is no sure way to find that out yet. But security researchers from both Kaspersky and Symantec said that early versions of the WannaCry code are similar to the code used in a 2015 backdoor created by government-linked North Korean hackers.
Is the attack over?
No. And there is no confirmed fix for WannaCry available yet. Bleeping Computer has a detailed guide on how to remove WannaCry, but there is no confirmation of how effective this method is. In their own words: "This guide, though, will not allow you to decrypt your files for free. This is currently impossible. I will provide steps that you can use to possibly recover files (slim chance, unfortunately) and methods you can use to protect your computer from ransomware in the future."
Published: May 16, 2017 