Unless you’re one of the unlucky people whose Windows computer was infected over the past few days by the WannaCry ransomware worm, you might have a hard time visualizing what actually takes place when the malware takes over your machine.
WannaCry infection in action
Thanks to the pseudonymous “malware historian” danooct1, anyone can watch WannaCry infect a Windows PC and encrypt its files.
Don’t worry — danooct1 is using a virtual machine, an emulated Windows 10 PC running inside another computer’s software, so that WannaCry’s infection is contained. Otherwise, as he notes, the malware would try to infect his roommates’ and his girlfriend’s computers as well.
You can see that the machine takeover happens pretty quickly after danooct1 runs WannaCry. His desktop files disappear and are replaced by encrypted versions of themselves. The computer continues to run normally, but the desktop background changes to a note informing the user that his files have been encrypted.
MORE: How to Protect Yourself from WannaCry Ransomware
Crucially, at one point the malware asks the user, “Do you want to allow this app to make changes to your PC?” Danooct1 allows it to, because, after all, the dialogue box identifies itself as coming from “Windows Command Processor.”
It’s not clear exactly what would happen if a user refused to allow those changes. The background note had already appeared before the dialogue box popped up, but the desktop files weren’t encrypted until after danooct1 granted permission.
Nevertheless, this does indicate that some WannaCry victims might be able to stop the infection, at least partway, by refusing to grant that permission.
- 12 Computer Security Mistakes You’re Probably Making
- Best Antivirus Protection for PC, Mac and Android
- Your Router’s Security Stinks: Here’s How to Fix It