So thats pretty much what this ransomware is, it exploits a vulnerablility within Windows system and eventually encrypts all your files and data making your
computer completely unusuable, then it demands a handsome amount of ransom
to Decrypt your files and make your Computer usable again.

Over 2 million systems all over the world are already affected by it and of which
5% from India only.

The Indian government is trying every bit to prevent this attack. The Ministry of Electronics and Information Technology has organized a live session this morning
for awareness and prevention of this virus, they even mass mailed Indian citizens

HOW TO MAKE MYSELF SECURE?
This is the first question that comes to mind right now, so here is how you can do that:

Windows update MS17-010
The virus uses EternalBlue exploit, which is closed by Microsoft security update MS17-010 released in March. I recommend that you check update center for presence of such an update (by code) on your computer (for example, code for Windows 7 will be KB4012212 or KB4012215).

If updates are not installed, you can download them from official Microsoft website:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

For older systems (Windows XP, Windows Server 2003 R2), Microsoft released special patches:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Close ports 135 and 445
To prevent penetration, block the ports 135 and 445 through which the virus penetrates (in most cases they are not used by ordinary users).

To do this, open the console with administrator rights (cmd.exe -> run as administrator). And execute in turn two commands (after each command there should be status OK).

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"

Disabling SMBv1 support
The vulnerability can also be closed by completely disabling SMBv1 support. Run this command in cmd (run as administrator).

dism /online /norestart /disable-feature /featurename:SMB1Protocol

Smart stay
Apart from these technical methods I’ll additionally recommend you to Search Safe,
Surf Safe, that is for this time being don’t even browse or download from Untrusted
Websites, torrents etc. And if possible then avoid using Windows for this time being.
Dual boot a free Linux distro and you don’t have to worry about these.
Please do not open any email which has attachments with tasksche.exe
Or rather don’t download any email attachments for the time being.

WHAT TO DO IF I AM ALREADY INFECTED?

Well, thats definitely a bad news for sure but you have to take some important measures
If you find yourself infected then Do these without wasting time:

Immediately isolate the system from Network

Run cleanup tools and clean your computer of the virus, Download here 

Preserve the data even if its encrypted
So before cleaning up you might want to backup all your data in an external hdd,
Cause maybe in some days a Cure for this will be discovered and then you will be able to recover your data

If you are from India then Report the incident to CERT-In and local law enforcement agency

Send the Report to incident@cert-in.org.in

INDICATORS OF COMPROMISE

Ransomware is writing itself into a random character folder in the ‘ProgramData‘ folder with the file name of “tasksche.exe” or in ‘C:\Windows\‘ folder with the file-name “mssecsvc.exe” and “tasksche.exe“.

Ransomware is granting full access to all files by using the command:
Icacls . /grant Everyone:F /T /C /Q

Using a batch script for operations:
176641494574290.bat

use endpoint protection/antivirus solutions to detect these files and remove the same

FOR CYBER SECURITY RESEARCHERS
Hashes for Wannacry:

5bef35496fcbdbe841c82f4d1ab8b7c2
775a0631fb8229b2aa3d7621427085ad
7bf2b57f2a205768755c07f238fb32cc
7f7ccaa16fb15eb1c7399d422f8363e8
8495400f199ac77853c53b5a3f278f3e
84c82835a5d21bbcf75a61706d8ab549
86721e64ffbd69aa6944b9672bcabb6d
8dd63adb68ef053e044a5a2f46e0d2cd
b0ad5902366f860f85b892867e5b1e87
d6114ba5f10ad67a4131ab72531f02da
db349b97c37d22f5ea1d1841e3c89eb4
e372d07207b4da75b3434584cd9f3450
f529f4556a5126bba499c26d67892240

Network Connections
The malware use TOR hidden services for command and control. The list of .onion domains inside is as following:

• gx7ekbenv2riucmf.onion
• 57g7spgrzlojinas.onion
• Xxlvbrloxvriy2c5.onion
• 76jdd2ir2embyv47.onion
• cwwnhwhlz52maqm7.onion
• sqjolphimrr7jqw6.onion

IMPORTANT LINKS AND CONTACTS

http://www.cert-in.org.in
http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html

So, I bought my new Laptop on November 2015,  two months after my old Lenovo Z510 was stolen. And this is a hp pavillion with i5 6200U ULV Processor. Well, I couldn’t tell how much frustrating it was to downgrade from Ravaging quadcore i7 to an i5 that has only 2 cores. However, it couldnt be helped and I gotta improvise now.

Now, this laptop came with preinstalled Windows 10 but I am pretty much a Linux guy,
you see. So I needed to get any Linux distro running on my system asap.
I chose Ubuntu over any other Linux distro (2nd fav Fedora 😀 ), cause I’m very much fond of it.

I dual booted my laptop with Win10 and Ubuntu 14.0.4 LTS. It was running on top of latest Linux kernel 3.8.11 , after successfully installing Ubuntu I noticed someting,
I found that my WiFi signal is weak.

I was completely Stunned at this cause I was just sitting next to my router and my WiFI signal is just two bars only. Not only that it was getting disconnected often due to poor signal. I thought my WiFi driver is not updated so I quickly updated them using following commands:

$ sudo add-apt-repository ppa:hanipouspilot/rtlwifi
$ sudo apt-get update
$ sudo apt-get install rtlwifi-new-dkms linux-firmware

But it Didn’t work . It was a frustrating experience and no solutions could be found.
I thought then this might be a hardware issue so, I booted back to Windows and there
it was all acting normally . I was clueless . I searched in Ubuntu Forums but did found no suitable solution to this problem.

I reinstalled Ubuntu with a version upgrade 15.04
But the problem remained at it was. I thought this maybe some bug in Ubuntu, So
I decided to give it a try with other distros, so one by one Solus, Fedora 23, RedHat, Mint
I installed all these but got the same WEAK wifi signal in not only Ubuntu but in every Linux Distros.

I understood that the bug is in the Linux Kernel itself. So i tried to upgrade the Kernel  to latest mainline version . Even after upgrading the kernel the problem remained.

Months have passed during al these . And there was still no solution to this problem.
I subscribed to every forum concerning this problem. One day, I found something on
a forum about my wifi driver RTL8723BE . A folk named Jerry Gorland wrote some
intereseting things about this problem .

“…for my particular case (HP Stream 11-r010 Cloudbook with N3050 Celeron and HP Model No. 792204-001 30x22mm M.2 Wi-Fi card): Moving the single antenna cable from one connector to the other (as shown in the attached diagram) solved the problem. This would explain why the laptop worked only when sitting right next to the Wi-Fi router: With Linux the card is configured to use the other connector compared to Windows. Now I am two floors up from my router and connected well with Xubuntu 14.04. With Xubuntu, all the hotkeys work…”

In his case the problem seem to have solved after he moved the single antenna cable to the other connector. If you gut-open your laptop then you would probably found something like this. This is the Wireless chip (wlan) inside our laptops and as you could see in the top-left corner of the picture there are two connectors there. By default the cable is connected to port 1 . But in this case as Jerry suggested we have to change it to port 2 .

Well, Jerry’s solution was risky but it was effective. People around the world were saying this is working. But too bad for me is my Laptop is still in warranty period I couldn’t just
gut-open my laptop and operate on it. I had to think of some other solution.

So, I researched a lot and learned that this may be a problem with the Driver Configuration in modprobe . Because the configuration was set up wrongly so the modules weren’t correctly loading into the OS Kernel . I reported this to Realtek  but they didn’t seem to take any notice of it. But, the good thing about Opensource community is here people help each other.

A FOSS developer named Larry Finger (aka lwfinger) decided to take things into own hands. And he created a new repository and rebuilted the drivers for rtl8192ce, rtl8192se, rtl8192de, rtl8188ee, rtl8192ee, rtl8723ae, rtl8723be, and rtl8821ae.

Now it was all good to go, downloaded the zip and then used simple make command to install it .

$ make
$ sudo make install

Now the problem should have been solved by now but somehow it remained . So, we figured it out that this still have the issue with the Antenna part . The hardware fixing part
was seemed impossible to avoid now. We did a last try using this command

$ sudo modprobe -rv rtl8723be
$ sudo modprobe -v rtl8723be ant_sel=2

It was an wild attempt to somehow manipulate the kernel to treat the 2nd antenna as active . And Guess what ?

IT WORKED  .

Quite miraculuosly! Did a quick scan around the networks . And it showed all networks with expected signal strength. But the setting wasn’t permanent after a reboot it’ll change back to default .

$ sudo iw dev wlp2s0 scan

But that is easy to handle . One just need to modify the modprobe configuration under root priviledge and save it as permanent.

$ sudo echo "options rtl8723be ant_sel=2" > /etc/modprobe.d/50-rtl8723be.conf

Signal strength is Excellent now! The Problem which consisted for so long a time period has now been solved. Finally : )

Life is all good now .