Microsoft withheld update that could have slowed WannaCry
- Author: Joanne Flowers, May 23, 2017, 13:58
Once users run the programme, it automatically scans a computer's memory for prime numbers - the foundation of encryption - and uses them to generate unlock keys for encrypted files.
Users of older software, such as Windows XP, had to pay hefty fees for technical support, it added. The majority of WannaCry victims were utilizing either of those operating systems, so the solution should help most people who've been affected or do get hit in the future.
As of Friday, May 19, the malware had infected more than 416,000 systems, according to the United Kingdom-based security researcher who helped put a stop to the initial attack. First: update. Enable Windows Update on your computer, install security updates regularly and download the patch from Microsoft's website immediately.
That's likely because many victims appear to be taking the advice of security officials, which is to not pay cyber-ransoms - namely because there's little chance of getting your data back even if you do. While most of the world is talking about how their machines can be restored and safeguarded, another debate has recently flared up, shaming Microsoft for not rolling out timely security updates for its older operating systems that still power a significant number of PCs, most notably Windows XP.
What is particularly interesting is how few computers running Windows XP were infected - so few, in fact, that Kaspersky deemed those machines statistically insignificant.
The Verge found an analysis that determines 98% of WannaCry victims were running Windows 7. It should also be noted that the tool works on infected computers that have not been rebooted since they were hit by WannaCry. Although Microsoft did advise all its users to upgrade their systems, users thought Windows XP was at risk, rather than Windows 7. As of Friday, the three accounts known to collect ransom payments had received less than $100,000 worth of the cybercurrency bitcoin, an amount that security researchers say is small compared with how widely WannaCry spread.
'Cyber criminals target financial systems, in particular banks, but as banks tend to be larger organisations they tend to have good security systems,' he said.
This is just a method you can try if you are infected. Indeed, from what I've tested, under Windows 10, CryptReleaseContext does clean up the memory (and so this recovery technique won't work).
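The memory scan described above, and why it fails once memory has been cleaned up or the machine rebooted, can be shown in a short sketch. This is an added example, not the recovery tool's own code. It assumes RSA keys, primes stored as little-endian integers, small constructed primes and hypothetical function names.

```python
"""Added example: find an RSA prime left in memory and rebuild the key."""

def find_prime_factor(dump: bytes, modulus: int, prime_len: int):
    """Slide over the dump one byte at a time. Return (offset, p) for the
    first window that, read as a little-endian integer, divides the public
    modulus; return None if no such window exists."""
    for off in range(len(dump) - prime_len + 1):
        if dump[off] & 1 == 0:      # a large prime is odd: skip even low bytes
            continue
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None

def rebuild_private_exponent(p: int, modulus: int, e: int = 65537) -> int:
    """With one prime known, the other follows from the public modulus and
    the private exponent is the inverse of e modulo (p-1)(q-1)."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))

# --- Constructed sample data (toy sizes; real keys use far larger primes) ---
P = 2**61 - 1            # Mersenne prime, 8 bytes
Q = 2**64 - 59           # largest prime below 2**64, 8 bytes
N = P * Q                # the public modulus; the only value assumed known
PRIME_LEN = 8            # half the modulus length, in bytes

FILLER = bytes(range(1, 200))                  # stand-in for unrelated memory
# Process memory in which the prime was never wiped (unaligned offset 37).
LIVE_DUMP = FILLER[:37] + P.to_bytes(PRIME_LEN, "little") + FILLER
# Same region after cleanup or a reboot: the prime is gone.
WIPED_DUMP = bytes(len(LIVE_DUMP))

def demo():
    for name, dump in (("live", LIVE_DUMP), ("wiped", WIPED_DUMP)):
        hit = find_prime_factor(dump, N, PRIME_LEN)
        if hit is None:
            print(f"{name}: no prime found, key cannot be rebuilt")
            continue
        off, p = hit
        d = rebuild_private_exponent(p, N)
        print(f"{name}: prime at offset {off}, private exponent {d:#x}")

if __name__ == "__main__":
    demo()
```

The scan needs only the public modulus, which is why recovery depends entirely on whether the prime is still present in memory.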