The WannaCry Ransomware Attack: Combating Ransomware Is Possible

Wannacry Reading Time: 2 minutes

WannaCry, the ransomware that attacked networks in many leading healthcare organizations and other organizations across the globe on Friday, is hot news.

WannaCry, which hit organizational networks in 150 countries on 12 May, 2017, targets systems/networks functioning on Microsoft Windows OS and has already infected
over 230,000 computers. It has also wreaked havoc on UK’s National Health Service (NHS) and is said to be unprecedented in scale. This ransomware has reportedly led to as many as 70,000 devices- computers, MRI scanners etc-being affected and many non-critical emergencies being turned away by the NHS. Many other leading organizations in different parts of the world have been hit by this ransomware.

How to Combat Ransomware?

Well, combating ransomware is possible. To understand this, it’s first important that we understand what a ransomware is and how it works. Melih Abdulhayoğlu, CEO of the Comodo Group, has come up with a blog post titled ‘Ransomware PREVENTION – Yes it is POSSIBLE!’ on his official website immediately after the WannaCry attack has happened.

The Comodo CEO explains how Ransomware WannaCry works. He explains that the malware would read all data and then encrypt all data on a system. Then it would overwrite all the original data in the hard drive of the infected system with the encrypted data and then would demand ransom for decrypting the data, which has become inaccessible for the user/organization.

In his post, Melih Abdulhayoglu explains how Comodo’s technology helps combat ransomware by creating a virtual hard drive, a virtual registry and virtual COM interfaces. He explains-

“So let’s see how WannaCry will cry when it hits a Comodo protected computer:
WannaCry comes into your computer……sure welcome…
WannaCry asks to read the files…..we say no problem it’s allowed to….
WannaCry says I want to encrypt these files in RAM memory…..go ahead it’s allowed to…..
WannaCry says, I want to now overwrite your original files on your hard disk with the encrypted files I just created in RAM (don’t forget unless WannaCry can overwrite the hard drive there is no damage)

Comodo says, not so fast WannaCry……here is a Fake Hard drive (Virtual Hard Drive) that I created earlier for you, go ahead and write to that…yes yes of course it’s the real one, don’t worry my friend WannaCry….Of course WannaCry doesn’t realize its fake and goes ahead and writes to it…..

So your original files are still safe and untouched by WannaCry and Prevention from ransomware is reality!”

The post also includes a video made by a Comodo user of how Ransomware WannaCry has been successfully prevented.