WannaCry:

Step #1 - Look for Registry Entries

Registry Artifacts:
  · HKLM\Software\WanaCrypt0r\wd
  · HKCU\Software\WanaCrypt0r\wd

Persistent Registry Keys:
  · HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\<random>
      Value: <full_path>\tasksche.exe
  · HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\<random>
      Value: <full_path>\tasksche.exe

Step #2 - Look for File Remnants
  · Any files with a *.wnry extension - typically in the %CD%\msg\ directory
  · Look for @Please_Read_Me@.txt
  · Look for @WanaDecrypt0r@.exe
  · Under C:\Windows, look for the file named qeriuwjhrf

Step #3 - Look for Specific File Processes & Hashes
  · mssecsvc.exe
      Path: C:\WINDOWS\
      MD5: db349b97c37d22f5ea1d1841e3c89eb4
      Description: dropper + worm component
      Related files created:
        · %TEMP%\m.vbs
        · %TEMP%\b.wnry
        · %TEMP%\c.wnry
        · taskse.exe
        · taskdl.exe
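The three steps above can be run as one read-only host triage. The PowerShell below is an added example, not part of the original checklist: it checks the WanaCrypt0r marker keys, looks for Run-key values pointing at tasksche.exe (the value name is random, so it matches on the data), searches for the listed file remnants and any *.wnry file, and compares the MD5 of C:\Windows\mssecsvc.exe against the hash given above. The function name Invoke-WannaCryTriage and the scan roots (SystemRoot, TEMP, C:\Users) are this example's own choices; run it from an elevated prompt so HKLM and C:\Windows are fully readable.

```powershell
# Added example: WannaCry artifact triage built from the checklist above.
# Read-only; it changes nothing on the host. Function name and scan roots
# are assumptions of this example, not of the checklist.

function Invoke-WannaCryTriage {
    $findings = New-Object System.Collections.Generic.List[string]

    # --- Step 1: registry markers and Run-key persistence ---------------
    foreach ($hive in 'HKLM', 'HKCU') {
        $marker = "${hive}:\Software\WanaCrypt0r"
        if (Test-Path -Path $marker) {
            # The checklist lists the 'wd' entry under this key; report it if present
            $wd = (Get-ItemProperty -Path $marker -ErrorAction SilentlyContinue).wd
            $findings.Add("Registry marker: $marker (wd = $wd)")
        }
        $run = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        if (Test-Path -Path $run) {
            # Value name is <random>, so match on the data instead of the name
            Get-ItemProperty -Path $run |
                ForEach-Object { $_.PSObject.Properties } |
                Where-Object { $_.Value -is [string] -and $_.Value -match 'tasksche\.exe' } |
                ForEach-Object { $findings.Add("Run persistence: $run\$($_.Name) = $($_.Value)") }
        }
    }

    # --- Step 2: file remnants ------------------------------------------
    $roots = @($env:SystemRoot, $env:TEMP, 'C:\Users') |
        Where-Object { $_ -and (Test-Path -Path $_) }
    $names = @('@Please_Read_Me@.txt', '@WanaDecrypt0r@.exe', 'qeriuwjhrf',
               'm.vbs', 'b.wnry', 'c.wnry', 'taskse.exe', 'taskdl.exe', 'tasksche.exe')
    foreach ($root in $roots) {
        # -contains is case-insensitive in PowerShell, matching NTFS name semantics
        Get-ChildItem -Path $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -eq '.wnry' -or $names -contains $_.Name } |
            ForEach-Object { $findings.Add("File remnant: $($_.FullName)") }
    }

    # --- Step 3: dropper/worm binary by path and MD5 --------------------
    $dropper = Join-Path -Path $env:SystemRoot -ChildPath 'mssecsvc.exe'
    if (Test-Path -Path $dropper) {
        $md5 = (Get-FileHash -Path $dropper -Algorithm MD5).Hash.ToLower()
        if ($md5 -eq 'db349b97c37d22f5ea1d1841e3c89eb4') {
            $findings.Add("Known dropper: $dropper (MD5 matches checklist)")
        } else {
            # Same name, different hash: could be a variant or an unrelated file
            $findings.Add("mssecsvc.exe at $dropper has MD5 $md5 (no checklist match); inspect manually")
        }
    }

    # Live processes named after the checklist's binaries
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.ProcessName -in 'mssecsvc', 'tasksche', 'taskse', 'taskdl' } |
        ForEach-Object { $findings.Add("Running process: $($_.ProcessName) (PID $($_.Id))") }

    return $findings
}

$result = Invoke-WannaCryTriage
if ($result.Count -eq 0) {
    Write-Output 'No WannaCry artifacts from the checklist found.'
} else {
    $result | ForEach-Object { Write-Output "[!] $_" }
}
```

Absence of findings only means none of the listed artifacts are present at the scanned roots; the Run-key match is on the data string, so a legitimate value that happens to reference a file named tasksche.exe would also be reported and should be confirmed against the full path and hash.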