Published: Fri, May 19, 2017
Hi-Tech | By Grace Becker

Frenchman claims cure for WannaCry-infected computers

WannaCry ransomware locks up files, but XP users may now have a way of recovering them, provided they haven't restarted their machine.

Dubbed WannaKey, the tool exploits an unpatched security hole in Windows XP - one of the operating systems most badly affected by WannaCry thanks to its relatively widespread use and long-expired support contracts - which fails to clear the private key from memory when the platform's built-in encryption tool is used.

So if you've rebooted since your computer was hit by WannaCry, you might be out of luck.

However, because of new software developed by French researcher Adrien Guinet, Windows XP users whose computers were compromised by WannaCry can now remove the infection without having to pay the $300 ransom. WannaCry encrypts victims' computer files and displays a message demanding ransoms to be paid in the digital currency Bitcoin before people can get their files back.

Right-click the file in your Downloads folder and select "Extract all".

Suiche, based in Dubai and one of the world's top independent security researchers, provided advice and testing to ensure the fix worked across the various versions of Windows.

The researchers warned that their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently. "If you are lucky (that is the associated memory hasn't been reallocated and erased), these prime numbers might still be in memory", explains Guinet. "In short, his technique is totally bad ass and super smart". In Windows XP these numbers are not deleted from the computer's memory at the end of the process, although they can be overwritten. Delpy's Wanakiwi extends compatibility to Windows 7 and, by implication, to Windows Vista, which was released between Windows XP and Windows 7. Once recovered, these prime numbers can be used to restore the files encrypted by the ransomware on infected computers. However, the flaw that the decryption tools exploit was fixed in Windows 8 and later.
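The recovery idea described above, as an added sketch that is not WannaKey's or Wanakiwi's own code: slide a window over a memory dump and test each candidate against the public RSA modulus; a value that divides it is one of the primes, and the private exponent follows from it. The toy 64-bit primes, the little-endian byte order, the exponent 65537 and every name used here are assumptions for illustration.

```python
# Added illustration, not the tools' code. Toy 64-bit primes are constructed
# sample values; all names and the little-endian layout are assumptions.
P = 2**64 - 59          # constructed prime standing in for a leftover factor
Q = 2**63 - 25          # constructed second prime
N = P * Q               # public modulus (assumed known to the recovery tool)
E = 65537               # assumed public exponent


def find_prime_factor(dump: bytes, modulus: int, prime_len: int):
    """Return (offset, p) for the first window whose value divides modulus."""
    for off in range(len(dump) - prime_len + 1):
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        # Skip 0/1 and the modulus itself; only a true factor passes.
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None  # prime was overwritten or the memory was lost (e.g. reboot)


def rebuild_private_exponent(p: int, modulus: int, e: int = E) -> int:
    """Derive the RSA private exponent d from one recovered prime."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+


def make_dump(secret: bytes) -> bytes:
    """Constructed stand-in for process memory with 8 bytes of interest."""
    filler = bytes(range(256))
    return filler + secret + filler


LIVE_DUMP = make_dump(P.to_bytes(8, "little"))  # prime still resident
STALE_DUMP = make_dump(bytes(8))                # region reused and zeroed

if __name__ == "__main__":
    hit = find_prime_factor(LIVE_DUMP, N, 8)
    print("live dump:", hit)
    if hit:
        d = rebuild_private_exponent(hit[1], N)
        msg = 0x1234567890ABCDEF
        print("round trip ok:", pow(pow(msg, E, N), d, N) == msg)
    print("stale dump:", find_prime_factor(STALE_DUMP, N, 8))
```

The stale dump returns no match, which is the case the researchers warn about: once the memory holding the prime has been reused or lost, there is nothing left to divide the modulus.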

A developer has released a tool to fight the WannaCry ransomware, which started affecting PCs worldwide last Friday and has helped hackers gain control over 300,000 systems. Note: The software is now tested and known to work fine with Windows XP only.
