Wannacry Attacks: Indian Tech Student Comes up With a Solution

An Indian tech student claims to have a easy solution to WannaCry ransomware – and he calls it Wannasmile.

Roshun Povaiah
Tech News
Published:
The WannaCry ransomware has affected computer systems running Windows XP across the globe. (Photo: iStock)
i
The WannaCry ransomware has affected computer systems running Windows XP across the globe. (Photo: iStock)
null

advertisement

The extent of the WannaCry ransomware attacks worldwide are far-reaching, hitting over 300,000 computers and networks worldwide. The malicious software exploits a security flaw in computers running Windows XP.

The ransomware usually enters a person’s computer through an email file attachment or a dubious web link. Once it installs itself in a computer, it blocks access to all the user’s data and displays an image asking for ransom to unlock the files – hence the name ‘ransomware’.

If a user does pay up, the software checks back with a host domain, whether to allow access to the computer or not – called the kill switch it ‘kills’ the malware on the computer.

Microsoft was quick to release a patch to fix the flaw on computers running Windows XP, but the ransomware attacks continue – as a lot of the operating systems are pirated copies, and hence ineligible for updates. 

However, a 19-year-old software student from Assam, Indrajeet Bhuyan, and his friend Hrishikesh Barman, claim to have found a solution to the Wannacry malware attacks, with a simple fix. He calls his software ‘Wannasmile’. He developed a couple of batch files that users can download and install on their systems to prevent attacks. These batch files work on machines that are connected to the Internet as well as those which are not connected to the Net.

Also Read: WannaCry Ransomware FAQ: The Bug That Hit PCs Across the Globe

Indrajeet Bhuyan has developed a solution called WannaSmile. (Photo Courtesy: Indrajeet Bhuyan)

What Bhuyan’s software does is to set up a proxy server, which fools the ransomware into thinking it is communicating with its designated domain. This fake domain then instructs the malicious software to kill itself – that is allow the user access as usual. It also turns the SMB (Server Message Block) protocol off on a user’s machine. This is usually turned on by default in Windows XP – and is a protocol that the ransomware exploits to infect the machine.

Here is a video explanation of the steps involved, sent to The Quint by Bhuyan.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: undefined

ADVERTISEMENT
SCROLL FOR NEXT