Frenchman claims cure for WannaCry-infected computers

French researchers find last-ditch cure to unlock WannaCry files

The private cybersecurity industry has faced a series of unprecedented global crises so far in 2017, including WannaCry and Adylkuzz malware attacks.

The decryptor tool arrives just as the first computers infected by WannaCry a week ago (May 12) reach a crucial deadline set by the WannaCry developers.

The researchers — Adrien Guinet, Matthieu Suiche and Benjamin Delpy — worked separately to find ways to decrypt files scrambled and held hostage by WannaCry.

The tool, named wanakiwi, is capable of defeating the WannaCry ransomware, which encrypts a user's files and demands a payment made in Bitcoin in order for the victim to regain access to their machine. It builds off a key discovery implemented in a different tool released Thursday. To use it, extract the .zip file to a folder on your desktop. To be safe, users may want to create backups of their most important files, wipe the machine and perform a fresh install of their operating system.

Matt Suiche, cofounder of security firm Comae Technologies, has tested wanakiwi and reports that it works.

The researchers said the tools are not ideal and only work if the infected computers have not been rebooted after being hit by the programme. Microsoft patched all supported versions of Windows, including Vista, 7, 8.1, and 10 as part of the March Patch Tuesday, while Windows XP remained vulnerable to attacks as it's no longer getting support.

A new tool can save some files encrypted by the worldwide "WannaCry" ransomware attack, depending on users' operating systems.

However, WannaCry "does not erase the prime numbers from memory before freeing the associated memory", Guinet said, as cited by The Hacker News. "In short, his technique is totally bad ass and super smart".

Wanakiwi works by searching computer memory for remnants of the decryption key. The tool searches for the prime numbers of the private key in wcry.exe, the process responsible for generating WannaCry's private key; the primes remain in memory until a reboot occurs. Although 90 percent of NHS organizations still have Windows XP on some machines, only five percent of all NHS machines run Windows XP.
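The memory search described above, sketched as an added Python example (not wanakiwi's code and not from the article): it slides over a constructed memory dump looking for a value that divides the public RSA modulus, then rebuilds the private exponent from that prime. The dump layout, the small stand-in primes, and the little-endian, half-modulus-length encoding are assumptions made for the illustration.

```python
# Added illustration, not wanakiwi's code. Assumptions: the dump is a raw byte
# string, each prime is half the modulus length, stored little-endian.

def find_prime_in_dump(dump: bytes, n: int):
    """Return (offset, p) for the first window of the dump that divides n."""
    half = ((n.bit_length() + 7) // 8) // 2
    for off in range(len(dump) - half + 1):
        cand = int.from_bytes(dump[off:off + half], "little")
        # Skip 0 and 1 (zeroed pages), then test divisibility by the modulus.
        if cand > 1 and n % cand == 0:
            return off, cand
    return None

def private_exponent(n: int, e: int, p: int) -> int:
    """Rebuild d from one recovered prime: q = n / p, d = e^-1 mod phi(n)."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

# Constructed sample data: two well-known small primes stand in for the
# 1024-bit primes of a real 2048-bit key.
P = 2**61 - 1
Q = 2**64 - 59
N, E = P * Q, 65537

def make_dump(wiped: bool) -> bytes:
    """Constructed 'process memory': filler with the prime at offset 300."""
    filler = bytes((i * 37 + 11) % 256 for i in range(300))
    secret = bytes(8) if wiped else P.to_bytes(8, "little")
    return filler + secret + filler

if __name__ == "__main__":
    hit = find_prime_in_dump(make_dump(wiped=False), N)
    print("prime found at offset", hit[0])
    d = private_exponent(N, E, hit[1])
    print("round trip ok:", pow(pow(42, E, N), d, N) == 42)
    # Once the region is overwritten (or the machine rebooted), nothing is found.
    print("after wipe:", find_prime_in_dump(make_dump(wiped=True), N))
```

The wiped case shows why the researchers' caveat matters: once the bytes holding the prime are overwritten, the scan has nothing to find and the key cannot be rebuilt this way.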
