How to Remove the WannaCry Ransomware

WannaCry is a type of crypto-ransomware that is used by cybercriminals to extort money from Windows users. This ransomware uses encryption to lock users out of their computer so they are unable to use it. It can also encrypt valuable files, making them unreadable.

WannaCry Ransomware
WannaCry Ransomware

What Exactly is the WannaCry Ransomware Attack?

The WannaCry ransomware attack was launched in May 2017 and it spread rapidly through computers running on Microsoft Windows. During this global cyber attack, over 300,000 computers across 100 nations were attacked and the files of the user’s held, hostage.

WannaCry used External Blue, an exploit that was developed by the US National Security Agency (NASA). A shadowy hacker group called The Shadow Brokers stole the code developed by NASA and published it. Luckily, Microsoft had already developed an emergency patch for External Blue before even WannaCry ransomware was released. Nonetheless, organizations that had not applied the patch were vulnerable to the attack.

The attack demanded a Bitcoin ransom in order to decrypt the data. It was estimated that hundreds and millions and billions of dollars were lost during the attack.

How Does WannaCry Work?

WannaCry acts like a worm, meaning that it targets and spreads across networks. It can propagate itself without the need for human interaction. WannaCry uses a file-sharing protocol known as SMBv1, which lets PCs communicate with devices like printers that are connected to the same network.

Just like most ransomware, the WannaCry virus can get into a user’s PC through phishing spam. This is a malicious act used by attackers to dupe their victims into opening a message or email. However, they intend to target passwords, banking credentials, and other sensitive information.

When the victim opens the message or clicks into the suspicious link, the malware will be installed. WannaCry then takes control over the PC and scrambles the user’s documents. It uses the RSA algorithm to encrypt data on the PC and then appends various extensions to the corrupted files.

The victims of this threat are then asked to pay $300 or $600 after three for the decryption. In other types of malware, the victims of the attack are told that their PCs are blocked because of the presence of a malicious program like porn. The aggressors masquerade as a law implementation officer and ask them to pay a fine.

Who Does WannaCry Target?

WannaCry spread rapidly in over 100 nations and did not appear to target a specific person. It spread naturally and randomly across networks in various countries.

Nonetheless, the ransomware attack hit and took advantage of various organizations and individuals. For instance, government agencies and other organizations with delicate information were victims of this ransomware. This is probably because they are more likely to pay promptly to secure and get access to their delicate information.

The attackers also took advantage of colleges and universities, like the University of Montreal. This is because it was easier for the attackers to get into their safeguards since they do a lot of document sharing.

The attack also hit transport companies, law firms, and other companies like FedEx, Renault, Honda, Telefonica, and more.

How to Protect Yourself against WannaCry

Although the WannaCry attack is over, the ransomware has not been completely eradicated. Plus, there are other ransomware strains like Petya and NotPetya that have been developed and cause the same vulnerability.

Therefore, it is important to take the necessary steps to protect yourself from this ransomware and other similar strains. Some safety measures include:

  • Keep your software updated
  • Invest in excellent cybersecurity technology
  • Do not open messages that have suspicious connections
  • Refrain from opening emails from unknown senders
  • Always back up all your information
  • Update your working framework
  • Keep watch of infected websites
  • Use a firewall to keep ransomware at bay
  • When attacked by the ransomware, do not pay the ransom as there is no guarantee of decryption.

How to Get Rid of WannaCry Virus from Your Framework

If your PC has been attacked with the WannaCryransomware, it is important to remove it. Deleting the ransomware will enable you to gain back access to the files that have been compromised. It also prevents the virus from encrypting data again. You can follow the steps below to remove it:

Method 1: Task Manager

When using Windows, you can check which programs are hogging the CPU via the task manager. Usually, malignant cycles will use almost all the computer’s processing resources.

To detect programs that abnormally uses lots of RAM and CPU:

  • Press on Ctrl+ Shift + Esc on your keyboard to open the Task Manager. This will show you the programs running and their CPU usage on the CPU column.
  • When you suspect that a program is a big user of CPU and it seems uncommon, right-click on it and choose Open File Location.
WannaCry Ransomware
WannaCry Ransomware
  • Go back to the Task Manager Window and right-click on the infected process. Then select End Task.
  • Once you are done, delete all the contents in the infected folder.

Method 2: Open the Registry

Another way to check whether your computer is infected by the WannaCryransomware is by searching for it in the Windows registry editor. To do this:

  • Go to the search box on the taskbar and type Regedit. Alternatively, you can right-click on the Windows Start button and then choose Run from the options provided. In the open box, input Regedit and click Ok.
  • This will open the Registry Editor.
  • Next, simultaneously press Ctrl + F keys and type the name of the virus and click on Find Next.
  • If there are results of the infection name, ensure to delete them.

Method 3: Configuration Program Startup

To follow this method:

  1. Open the Windows Task Manager by pressing on Ctrl+ Shift+ Esc
  2. On the tabs at the top of the page, locate Startup and click on it.
  3. Check for a suspicious program and right-click on it. Select Disable from the options provided.

Method 4: Using Safe Mode

You can disable the virus by allowing your device to go into safe mode. However, you should note that this manual removal process might be complicated.

For Windows 10/ Windows 8

  1. Right-click on the Start button and choose Settings from the menu.
  2. On the Settings window, navigate to Update & Security and click on it.
  3. Select Recovery from the left side panel.
  4. Next, go to the Advanced Startup section and click Restart now.
  5. On the Choose an Option tab, select Troubleshoot.
WannaCry Ransomware
WannaCry Ransomware
  1. Once Troubleshoot has opened, click on Advanced Options and then on Startup Settings.
  2. Then, click on
  3. On the Startup Settings, go to Enable Safe Mode with Networking (option 5).
WannaCry Ransomware
WannaCry Ransomware

If you are using Windows 7/ XP/Vista,

  1. Click the Start button and pick Then select Restart and then click Ok.
  2. When your computer turns on, press the F8 button severally until the Advanced Boot Options window appears.
  3. Choose Safe Mode with Networking from the list that appears.

WannaCry Ransomware

WannaCry Ransomware

Method 5: Use a Good Antivirus Program

Another way to protect your device against WannaCry and other ransomware attacks is by using a high-quality antivirus like Norton 360 Premium Anti Virus. This program will provide an effective defense for your PC against WannaCry and other ransomware and other hacking threats.


Although WannaCry is no longer active, you still need to watch other ransomware strains that could potentially infect your PC. If you are using an old Windows version, make sure that you update it and follow our tips provided above to protect your device against ransomware strains.