What is WannaCry virus and how to remove it

Malware comes in many different forms from adware to worms that spread quickly and cause serious problems for major computer systems. WannaCry was an attack that exploited a flaw in Windows in order to extort money from users and gained notoriety around the world.

ransomware virus blocking screen

What is WannaCry?

Launched in May 2017, WannaCry was a ransomware attack that used a cyberworm to target Windows computers and encrypt data on them. It then demanded a ransom payment in Bitcoin to unencrypt the data.

WannaCry used an exploit developed by the US National Security Agency called Eternal Blue and which was released into the wild by a group of hackers called The Shadow Brokers. Eternal Blue exploited a vulnerability in Windows’ implementation of the SMB networking protocol and only worked on older Windows computers. Microsoft had already released a patch for it by the time WannaCry was released. However, many organisations had not applied the patch to their machines and were left vulnerable to the attack.

Despite Microsoft releasing an emergency patch, and the discovery of a kill switch that stopped computers that were infected spreading the worm, meaning that the attack only lasted a few days, it was estimated that more than 200,000 computers in 150 countries were hit. Estimates of financial loss varied between hundreds of millions and billions of dollars. Affected organisations included Boeing, Honda, and the UK’s National Health Service. Several governments, including the UK, US, and Australia asserted that North Korea was behind the attack.

This is how WannaCry and similar viruses typically look like:

computer infected by ransomware

How do I know if my computer has been infected by WannaCry?

The good news is that the WannaCry attack is now over, and in any case, it only affected Windows machines. So if you’re using a Mac you don’t have to worry about it. The only exception is that if you were using Boot Camp or a virtual machine to run Windows on your Mac. In those circumstances, if you were running an old version of Windows, it was possible to be infected.

Windows users whose machines were attacked saw an alert on screen telling them that their files had been locked and that in order to unencrypt them they would have to pay between $300 and $600 in Bitcoin.

Is there a Mac equivalent of the WannaCry virus?

There’s no direct equivalent, since WannaCry exploited a vulnerability in Windows. However, there have been and will be again ransomware attacks that affect Macs. For example, in 2016, a ransomware attack known as Patcher was distributed via BitTorrent, disguised as a tool to crack the authentication in Adobe Premiere CC and Microsoft Office 2016. And also in 2016, the KeRanger ransomware targeted Macs by hiding in downloads of BitTorrent client Transmission.

How can I avoid downloading ransomware?

The first thing you should do is be careful where you download software from. When you download cracked copies of software via a torrent, or pirated movies, or  any tool that claims to allow you to circumvent copyright or licence protection, you’re taking a big risk. Legitimate downloads have also been sources of ransomware in the past — the Transmission trojan was linked to from the official Transmission website — but it’s far less common.

your important files are encrypted

Installing antivirus software will also help protect you. And backing up regularly will mitigate the effects of files being encrypted, because you can just roll back to the backup.

remove virus wannacry

How to remove WannaCry virus

As we said above, WannaCry only affected Windows computers, so here is how to remove it from Windows. Before you start, make sure you’ve updated Windows will the most recent patches.

1. Click on the Start menu
2. Type Windows Defender into the search box
3. Double-click Defender to run a scan
4. If it finds anything, use Defender to remove it

If you can’t run Defender or it can’t remove the virus, the next step is to run a third party antivirus tool and use that to scan your PC and remove the virus.

If you have files that have already been encrypted, the simplest solution, if you have a recent download is to use that to recover versions of the files before they were encrypted. If you don’t have a backup, there are a number of tools available online that claim to decrypt files encrypted by WannaCry. You should do your own research on these and only download one when you’re satisfied that it does what it claims to.

how to remove virus from mac

What should I do if I think my Mac has a virus?

If you’re received a ransomware alert while using your Mac, or you suspect that it has a virus, you should backup your data immediately. However, if you have a regular backup schedule, don’t back up to the same destination. You don’t want to overwrite a recent backup with one that has an infection. Either backup to a different destination or, if you have recent backup, don’t backup at all.

Once you’ve done that you can download an antivirus tool or use an app like CleanMyMac X. It has a special Malware Removal module that can easily scan your Mac for any malware threats. CleanMyMac identifies thousands of them, including adware, spyware, ransomware, worms, and more.

remove malware from mac

1. Download CleanMyMac X (a free version)
2. Launch the app.
3. Choose Malware Removal.
4. Click Scan.
5. Click Remove.

 That’s it!

The WannaCry virus only affected Windows computers. However, Macs running Windows in Boot Camp or in a virtual machine could have seen those copies of Windows affected. The virus exploited a vulnerability in Windows implementation of SMB and encrypted files on the infected computer, demanding a ransom to unencrypt them. Microsoft released a patch and if you have an old Windows machine that’s infected, the best way to remove WannaCry is to update and use Windows Defender or an antivirus tool.  


These might also interest you:

CleanMyMac X
CleanMyMac X

Your Mac. As good as new.