As 1st WannaCry deadline nears, French researchers claim cure

French researchers said on Friday they had found a way for technicians to save Windows files encrypted by WannaCry, the ransomware that threatens to start locking up victims' computers, which first affected the UK's National Health Service and spread globally about a week ago. These emails contained an encrypted, compressed file that penetrated target systems upon loading.

It was during the WannaCry outbreak that researchers discovered the worm only worked reliably on Windows 7, causing errors on other platforms, including Windows XP, on which most infosec talking heads falsely blamed for most WannaCry infections.

About two-thirds of the internet-connected computers sidelined by last week's unprecedented ransomware attack were running outdated versions of Microsoft's Windows 7 operating system at the time of infection, according to a new report. This too adds up in a different context, since Microsoft itself had said previously that Windows XP is less vulnerable than Windows 7 and Vista. That means the victim has to pay to get the key from the attackers.

The researchers said the tools are not ideal and only work if the infected computers have not been rebooted after being hit by the programme.

IBTimes UK earlier reported how French cybersecurity researcher Adrien Guinet, from Quarkslab, released a decrypting tool that allowed only Windows XP users to recover their data. The virus displays a message asking for $300 ransom in bitcoins to unlock the system.Kaspersky has listed Vietnam among the top 20 countries most affected by this ransomware; the other countries and territories include Russia, Ukraine, India, Taiwan, and mainland China.

WannaCry "does not erase the prime numbers from memory before freeing the associated memory".

As Suiche says, "this is not a flawless solution, but this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups".

Once inside Windows-based machines, the ranssomware attack launched another NSA tool called DoublePulsar, the backdoor implant tool used alongside EternalBlue in the WannaCry ransomware attack. The WannaKey decryption tool is available for free and works on Windows XP operating system.

  • Zachary Reyes