{"id":73233,"date":"2022-12-27T06:03:09","date_gmt":"2022-12-26T22:03:09","guid":{"rendered":"https:\/\/x-phy.com\/?p=73233"},"modified":"2025-11-25T10:23:09","modified_gmt":"2025-11-25T10:23:09","slug":"wannacry-ransomware","status":"publish","type":"post","link":"https:\/\/x-phy.com\/wannacry-ransomware\/","title":{"rendered":"What is WannaCry Ransomware and How to Protect Your Data"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

What is WannaCry Ransomware?<\/h3>

WannaCry Ransomware is a type of malware\/computer worm that targets the windows operating system. It is also known as WannaCrypt0r, WannaCrypt, WCRY and WRypt. WannaCry has two malicious components combined which is ransomware variant and worm. It works together during the attack stage. In 2017, it attacked a huge number of computers from more than 150 countries and companies including FedEx, Telefonica were targeted. In Singapore, Tiong Bahru Plaza and White Sands are believed to be targeted by the WannaCry ransomware attack. The 2017 incident is one of the most high profile ransomware attacks that ever took place. Across the globe, the estimated cost of the cybercrime caused by the WannaCry ransomware is calculated as $4 billion USD. It mainly targets the older version of windows operating system. The employees working in the office are the main targets which is around 43% of the victims.
\"\"
Sample screenshot of the WannaCry attack ransom payment procedure
\"\"
Attack flow
Source: https:\/\/dig.watch\/trends\/wannacry<\/a>
Additional Reference
\"\"
Source: https:\/\/www.europol.europa.eu\/wannacry-ransomware<\/a><\/p>

X-PHY protection against Wanna Cry<\/h3>

Flexxon tested the WannaCry ransomware on a X-PHY\u00ae SSD and a normal SSD to see the responses. In less than 5 seconds, X-PHY\u00ae stopped the attack dead in its tracks, locked all data keeping it untouched, and immediately notified the user via email.<\/p>

Here are the screenshots of the results,<\/p>

Testing without X-PHY, <\/b><\/h5>

\"\"
As the first step, the ransomware was tested on the normal SSD and the laptop security only relies on the antivirus software. The antivirus shows that the computer is safe and it doesn\u2019t detect the ransomware. It can only detect the known ransomware as it relies on the signature based detection and it won\u2019t be able to detect the unknown ransomwares.
\"\"
The WannaCry.py is the modified version of the ransomware and it wasn\u2019t detected by the antivirus software. This folder contains a few GB of data for the testing purpose and it will be attacked by the WannaCry ransomware.
\"\"
Currently, the ransomware is activated and it starts to encrypt the files in the test folder.
\"\"
The WannaCry ransomware encrypted all the files in the test folder. The encrypted files are ending with .crypt. In real life scenarios, it can only be recovered if the victim pays the ransom to the hacker to get the decryption key.<\/p>

Testing with X-PHY <\/b><\/h5>

\"\"
Before running the ransomware with the X-PHY SSD inside the laptop, please check the configuration settings in the X-PHY tool and make sure that the security features are turned on to protect against the ransomware attack. If it\u2019s not enabled, you need to click apply and verify again with the password that you used to log in the X-PHY tool along with the 2FA.
\"\"
After enabling the security features, the WannaCry ransomware activated in the test folder.
\"\"
Within a few seconds, the X-PHY is able to detect the ransomware by recognising the ransomware behavior in the read and write pattern at firmware level. The X-PHY SSD locks and the laptop shutdowns immediately.
\"\"
At the same time, you will be receiving the email alert regarding the ransomware attack.
\"\"
When you restart the laptop after the ransomware attack, it goes into the boot menu as the X-PHY SSD is locked to secure the data inside. To unlock it, the user needs to open the X-PHY mobile application and connect to the X-PHY SSD via bluetooth.<\/p>

Once you unlock it, the data inside the test folder is secured and protected because of the X-PHY protection. The files inside the folder aren\u2019t encrypted and it can be accessed as per normal.
\"\"<\/p>

X-PHY\u00ae<\/sup> Response Flow<\/h3>