Frenchmen claim cure for WannaCry-infected computers

Adjust Comment Print

Of course, the patch did not stop Windows XP users from getting infected, but, thankfully, a decryption tool, called WannaKey, is now available and should help recover your locked files.

In his research summary, Guinet - who works for the Paris-based firm Quarkslab - said his software had only been tested to work under Windows XP. "Please also note that you need some luck for this to work (see below), and so it might not work in every case!" Note: The software is now tested and known to work fine with Windows XP only.

WannaCry - also known as WannaCrypt and Wanna Decryptor - made headaches for system administrators the world over this past weekend when it exploited a vulnerability in all Windows operating systems bar a fully up-to-date Windows 10 to infect hundreds of thousands of machines and encrypt their files.

The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, who helped out by night, in his spare time, outside his day job at the Banque de France.

WannaCry encrypts victims' computer files and displays a message demanding ransoms to be paid in the digital currency Bitcoin before people can get their files back. The ransomware uses the Microsoft Cryptographic Application Program Interface included with Windows to handle numerous functions, including generating the key for encrypting and decrypting the files.

Notorious child serial killer Ian Brady has died in prison
But Brady never expressed remorse for the killings, and the judge in his trial said both he and Hindley were "evil beyond belief". Brady, who reportedly had cancer, died in the high-security Ashworth Hospital near Liverpool overnight, British media reported.

Guinet says an overlooked limitation in XP, however, can prevent this erasure.

His idea involves extracting the keys to WannaCry encryption codes using prime numbers rather than attempting to break the endless string of digits behind the malicious software's full encryption key.

"If you are lucky (that is the associated memory hasn't been reallocated and erased), these prime numbers might still be in memory", Guinet wrote. While PCMag has not tested Wanakiwi because we don't have any computers infected with WannaCry, Europol announced in a tweet on Thursday that its cybercrime law enforcement division tested it and found that the tool could "recover data in some circumstances".

Last Friday, WannaCry attacked more than 200,000 computers in 150 countries after someone used an advanced hacking tool developed by the National Security Agency to deliver the ransomware. This is why many users even after paying the ransom have not been able to get their data back.