What is WannaCry ransomware and how can you protect your data from it?

What is WannaCry Ransomware?


WannaCry ransomware is a type of malware/computer worm that targets the Windows operating system. It is also known as WannaCrypt0r, WannaCrypt, WCRY and WRypt. WannaCry combines two malicious components, a ransomware variant and a worm, which work together during the attack stage. In 2017, it attacked a huge number of computers in more than 150 countries, and companies including FedEx and Telefonica were targeted. In Singapore, Tiong Bahru Plaza and White Sands are believed to have been targeted by the WannaCry ransomware attack. The 2017 incident is one of the most high-profile ransomware attacks that has ever taken place. Across the globe, the estimated cost of the cybercrime caused by the WannaCry ransomware is calculated at $4 billion USD. It mainly targets older versions of the Windows operating system. Employees working in offices are the main targets, making up around 43% of the victims.
Figure: Sample screenshot of the WannaCry attack ransom payment procedure
Figure: Attack flow (Source: https://dig.watch/trends/wannacry)

X-PHY protection against WannaCry


Flexxon tested the WannaCry ransomware on an X-PHY® SSD and a normal SSD to see the responses. In less than 5 seconds, X-PHY® stopped the attack dead in its tracks, locked all data, keeping it untouched, and immediately notified the user via email.

Here are the screenshots of the results.
Testing without X-PHY
As the first step, the ransomware was tested on the normal SSD, with the laptop's security relying only on the antivirus software. The antivirus shows that the computer is safe and doesn’t detect the ransomware. It can only detect known ransomware because it relies on signature-based detection, and it won’t be able to detect unknown ransomware.
WannaCry.py is a modified version of the ransomware, and it wasn’t detected by the antivirus software. The test folder contains a few GB of data for testing purposes and will be attacked by the WannaCry ransomware.
The ransomware is then activated and starts to encrypt the files in the test folder.
The WannaCry ransomware encrypted all the files in the test folder. The encrypted files end with .crypt. In a real-life scenario, they can only be recovered if the victim pays the ransom to the hacker to get the decryption key.
Testing with X-PHY
Before running the ransomware with the X-PHY SSD inside the laptop, check the configuration settings in the X-PHY tool and make sure that the security features are turned on to protect against the ransomware attack. If they are not enabled, you need to click apply and verify again with the password that you used to log in to the X-PHY tool, along with the 2FA.
After the security features were enabled, the WannaCry ransomware was activated in the test folder.
Within a few seconds, the X-PHY is able to detect the ransomware by recognising the ransomware behavior in the read and write pattern at firmware level. The X-PHY SSD locks and the laptop shuts down immediately.
At the same time, you will receive an email alert about the ransomware attack.
When you restart the laptop after the ransomware attack, it goes into the boot menu because the X-PHY SSD is locked to secure the data inside. To unlock it, the user needs to open the X-PHY mobile application and connect to the X-PHY SSD via Bluetooth.

Once you unlock it, the data inside the test folder is secured and protected because of the X-PHY protection. The files inside the folder aren’t encrypted and can be accessed as normal.
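The two tests above contrast signature-based antivirus, which missed the modified sample, with detection based on read and write behaviour. The following Python is an added example, not Flexxon's code and not X-PHY's firmware logic: it assumes a SHA-256 hash set as the signature database and an entropy-jump heuristic with illustrative thresholds, and runs both over constructed sample data.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def signature_match(sample: bytes, known_hashes: set) -> bool:
    """Signature-style check: only a byte-identical known sample matches."""
    return hashlib.sha256(sample).hexdigest() in known_hashes

def behaviour_alert(events, window=5, min_hits=4, high=7.0, jump=2.0):
    """Index of the write at which the alert fires, or None.

    events: (path, content_before, content_after) per overwrite. A write is
    suspicious when it turns low-entropy content into near-random content;
    the alert needs min_hits such writes within the last `window` writes.
    Thresholds are illustrative assumptions.
    """
    hits = []
    for i, (_path, before, after) in enumerate(events):
        e_after = entropy(after)
        hits.append(e_after >= high and e_after - entropy(before) >= jump)
        if sum(hits[-window:]) >= min_hits:
            return i
    return None

def fake_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted output."""
    return b"".join(hashlib.sha256(b"%d:%d" % (seed, i)).digest() for i in range(size // 32))

# --- constructed sample data (placeholders, not real malware or hashes) ---
KNOWN_SAMPLE = b"constructed-placeholder-sample"
MODIFIED_SAMPLE = KNOWN_SAMPLE + b"  # trivially altered copy"
KNOWN_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
TEXT = b"Quarterly report, line item and total.\n" * 100

BENIGN = [
    ("notes.txt", TEXT, TEXT + b"one more line\n"),          # normal edit
    ("backup.zip", fake_ciphertext(1), fake_ciphertext(2)),  # already high entropy
    ("new.zip", b"", fake_ciphertext(3)),                    # single isolated hit
    ("notes.txt", TEXT, TEXT.upper()),                       # text stays text
]
ATTACK = [(f"doc{i}.txt", TEXT, fake_ciphertext(10 + i)) for i in range(8)]

if __name__ == "__main__":
    print("signature, known sample:   ", signature_match(KNOWN_SAMPLE, KNOWN_HASHES))
    print("signature, modified sample:", signature_match(MODIFIED_SAMPLE, KNOWN_HASHES))
    print("behaviour, benign writes:  ", behaviour_alert(BENIGN))
    print("behaviour, bulk overwrite: ", behaviour_alert(ATTACK))
```

The sliding window is what keeps one legitimate high-entropy write, such as saving a new archive, from raising an alert, while a run of text files overwritten with near-random data trips it on the fourth file.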

X-PHY® Response Flow



  • X-FILE FORENSIC AGENT features ACTIVE DETECTIVE and DEEP INVESTIGATION introduce extra file protection features by preventing any illegal data modifications. They also record all activities and their application, making it easy for X-PHY® to identify suspicious actors.

  • X-GUARD THREAT LOCK features SECURITY SCOUT and GUARDIAN PRO-X work together to stop any attempt by the ransomware to breach or clone your sensitive data.

  • After noticing suspicious attempts to breach and/or encrypt user data, X-PHY® triggers X-FACTOR ENCRYPTION LOCK. The KEYCODE 2-FACTOR feature within X-FACTOR ENCRYPTION LOCK locks down all the data in X-PHY®, making it inaccessible to the ransomware.

  • The X-PHY® SSD sends a notification to the user on their computer showing that ransomware has been detected. An email notification is sent simultaneously to the user’s registered email address. The user will require an OTP to unlock the SSD.

  • X-PHY® records the attack activity in the event log, and will automatically stop any action with the same behavior in the future.
