However, Symantec has not found any code within the ransomware which would cause files to be deleted. Decryption of encrypted files is not possible at present but Symantec researchers continue to investigate the possibility. If you have backup copies of affected files, you may be able to restore them. Symantec does not recommend paying the ransom. In some cases, files may be recovered without backups. Organizations are particularly at risk because of its ability to spread across networks and a number of organizations globally have been affected, the majority of which are in Europe. Current WannaCry activity is not believed to be part of a targeted attack.
The number of exploit attempts blocked by Symantec dropped slightly on Saturday and Sunday but remained quite high.
Proactive protection was provided by: Customers should have these technologies enabled for full proactive protection. The ransom note indicates that the payment amount will be doubled after three days.
SEP customers are advised to migrate to SEP 14 to take advantage of the proactive protection provided by Advanced Machine Learning signatures. WannaCry searches for and encrypts 176 different file types and appends . If payment is not made after seven days it claims the encrypted files will be deleted.
Wannacry) has hit hundreds of thousands of computers worldwide since its emergence on Friday, May 12.
WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting critical vulnerabilities in Windows computers, which were patched by Microsoft in March 2017 (MS17-010).
While these findings do not indicate a definitive link between Lazarus and WannaCry, we believe that there are sufficient connections to warrant further investigation.