Protect systems from future infection by WanaCry with TearSt0pper and CONTINUE TO PATCH MS17-010.
- Systems will have to be running TearSt0pper to prevent active exploitation. TearSt0pper will have to be re-run each time the machine is rebooted. This can be done by using an autorun key
- TearSt0pper is not actually preventing exploitation. By the time TearSt0pper springs into action, the host has already been exploited. TearSt0pper just prevents the ransomware from encrypting files.
- Future versions of ransomware and/or malware deployed via MS17-010 may use different mutexes. Rendition will stay abreast of the latest mutexes and release new versions. If you sign up for email notification when you download, you will be notified when new version are available.
- TearSt0pper cannot be used to decrypt files from a system where files have already been encrypted. TearSt0pper does not disinfect a system, it merely uses the malware’s logic against it.
- TearSt0pper works for WinXP and forward, please contact us if you require earlier OS support.
Download TearSt0pper below. We highly recommend that you register for update notification so we can let you know when new versions of TearSt0pper are available. Your information will never be shared with a third party (because we hate that too).
Register here for your free TearSt0pper download:
The TearSt0pper service can be downloaded here.
To install, just copy the binary to wherever you want to run it from (C:\windows\system32\ is great). Then open a command prompt as admin and run “tearSt0pperService.exe /i” to install. Then open the services console and start the “Rendition Infosec TearSt0pper” (or in the original admin command prompt run the command “net start ‘Rendition Infosec tearSt0pper’ “).
The service will automatically start every time the machine boots. If you want to uninstall the service, open an admin command prompt and run “tearSt0pperService.exe /u” – this will uninstall the service (but will not delete the binary).