Cure for WannaCry found
- Author: Arturo Norris, May 22, 2017, 7:15
Guinet also said the software may not work on machines running on Windows 10 as the prime numbers are deleted there.
According to security researcher Adrien Guinet who works at Quarkslab, WannaCry ransomware encrypts files on a computer by relying on public-private key pairs.
Have a computer infected by WannaCry ransomware?
For the tool to work properly, the infected PC must not be rebooted.
Europol said on Twitter that its European Cybercrime Centre had tested the team's new tool and said it was "found to recover data in some circumstances". A patch was issued to protect Windows 7 from this kind of exploit in March, so these would appear to be systems that haven't yet been updated. Delpy added that so far, banking, energy and some government intelligence agencies from several European countries and India had contacted him regarding the fix. The researcher claims that the tool can decrypt files encrypted by WannaCry ransomware and that the underlying idea is the same as the one implemented by Guinet. It's called Wanakiwi, and it attempts to replicate WannaCry's encryption key by sniffing out prime numbers (the building blocks of the widely used RSA encryption method) that are stored in the ransomware's code.
Wanakiwi is available on Github; once you've downloaded it and clicked on the wanakiwi.exe executable file, it will automatically begin looking for the prime numbers.
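The idea described above, finding a leftover RSA prime and rebuilding the private key from it, is sketched below as an added example; it is not Wanakiwi's code. The toy key size, the 8-byte little-endian layout and the memory dumps are constructed assumptions, and the second dump models the reboot case in which the primes are gone.

```python
# Added illustration, not Wanakiwi's code. Key size, byte order and the
# "memory dumps" below are constructed assumptions for the demo.
from typing import Optional, Tuple


def find_prime_in_memory(memory: bytes, n: int, prime_len: int) -> Optional[int]:
    """Slide over the dump and return a value that is a non-trivial factor of n."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        # Only p or q can satisfy this for an RSA modulus n = p * q.
        if 1 < cand < n and n % cand == 0:
            return cand
    return None


def rebuild_private_key(memory: bytes, n: int, e: int,
                        prime_len: int) -> Optional[Tuple[int, int, int]]:
    """Return (p, q, d) if a prime survived in memory, else None."""
    p = find_prime_in_memory(memory, n, prime_len)
    if p is None:
        return None  # primes were wiped (e.g. after a reboot): no recovery
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return p, q, d


# Constructed sample data: two Mersenne primes form a toy modulus.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q          # public modulus, known from the public key
E = 65537          # public exponent
FILLER = bytes(range(1, 256)) * 4
DUMP_LIVE = FILLER + P.to_bytes(8, "little") + FILLER   # prime still present
DUMP_WIPED = FILLER + bytes(8) + FILLER                 # prime overwritten

if __name__ == "__main__":
    key = rebuild_private_key(DUMP_LIVE, N, E, 8)
    if key is not None:
        p, q, d = key
        message = 0x1234567890
        ciphertext = pow(message, E, N)
        print("recovered:", pow(ciphertext, d, N) == message)
    print("wiped dump:", rebuild_private_key(DUMP_WIPED, N, E, 8))
```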
The so-called "WannaCry" virus wreaked havoc around the world in recent days by primarily infecting vulnerable Windows 7 computers connected to the internet, security ratings firm BitSight told Reuters on Friday. "This is not a flawless solution", Suiche noted, given the limited set of conditions that "Wanakiwi" needs in order to work. Incidentally, most of the infections occurred in China and the Russian Federation, with the United States reportedly only seeing about 7% of worldwide infections.
This may reflect a variety of factors, security experts say, including scepticism that attackers will honour their promises or the possibility that organisations have back-up storage plans allowing them to recover their data without paying ransom.