
French researchers find last-ditch cure to unlock WannaCry files

19 May 2017

Guinet, a security researcher at Paris-based Quarks Lab, published the basic technique for decrypting WannaCry files on Thursday, which Delpy then figured out how to turn into a practical tool to salvage files.

For those infected by the ransomware and without unaffected backups, there is hope: developer Adrien Guinet has released a tool which is capable of recovering the private key used to encrypt files on an infected system, allowing the contents of the files to be decrypted without paying the ransom demanded by WannaCry's creators.

There are several caveats, though.

It only works for Windows XP and only if the machine has not been rebooted after the infection.

He also found that on Windows XP the prime numbers are not erased from memory before the associated memory is freed, and hence he was able to create a WannaCry ransomware decryption tool, named WannaKey, which tries to retrieve the two prime numbers used in the formula to generate encryption keys. Unfortunately, the tool will only work on affected computers that haven't been rebooted after the attack, and only if the associated memory hasn't since been allocated and erased by the user or by some other process, Guinet added.
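The search described above amounts to testing every window of leftover memory against the RSA public modulus, since only a real prime factor divides it. The following is an added example, not WannaKey's code: the 125-bit modulus, the memory buffer, the little-endian byte order and all function names are constructed assumptions for the demo.

```python
# Added illustration; not WannaKey's code. All values below are constructed.
P = 2**61 - 1      # constructed demo prime (a Mersenne prime)
Q = 2**64 - 59     # constructed demo prime (largest prime below 2**64)
E = 65537          # common RSA public exponent, assumed for the demo


def find_prime_factor(memory, modulus, byteorder="little"):
    """Return (offset, prime) for the first window in memory that divides modulus."""
    half = (modulus.bit_length() + 15) // 16  # byte length of one prime factor
    for offset in range(len(memory) - half + 1):
        candidate = int.from_bytes(memory[offset:offset + half], byteorder)
        # Only a genuine factor of the public modulus passes this test.
        if 1 < candidate < modulus and modulus % candidate == 0:
            return offset, candidate
    return None  # prime no longer in this buffer (reboot, reuse, wipe)


def rebuild_private_exponent(prime, modulus, e=E):
    """Derive the RSA private exponent once one prime factor is known."""
    other = modulus // prime
    return pow(e, -1, (prime - 1) * (other - 1))


def build_sample_memory(prime, offset=37, size=256):
    """Constructed stand-in for freed heap memory with a prime left behind."""
    filler = bytes((i * 73 + 11) % 256 for i in range(size))
    raw = prime.to_bytes(8, "little")
    return filler[:offset] + raw + filler[offset + len(raw):]


def overwrite(memory, offset, length=8):
    """Model the region being reallocated and zeroed by another process."""
    return memory[:offset] + bytes(length) + memory[offset + length:]


if __name__ == "__main__":
    n = P * Q  # public modulus, assumed known to the person doing recovery
    mem = build_sample_memory(P)
    offset, p = find_prime_factor(mem, n)
    d = rebuild_private_exponent(p, n)
    print(f"prime found at offset {offset}; private exponent has {d.bit_length()} bits")
    print("after overwrite:", find_prime_factor(overwrite(mem, offset), n))
```

The second result is `None`, which is the caveat in practice: once the freed region has been reused or zeroed, there is nothing left to find.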


This tool is said to have been developed based on Guinet's findings and is available to download from GitHub.

Now a free tool has been released to decrypt WannaCry infected files on Windows computers.

So WannaCrypt can lock up Windows XP files, but XP PCs were not vulnerable to the NSA's worm-like spreading mechanism, which exploited a flaw in Microsoft's network file-sharing protocol, SMB.

But it doesn't clean up the memory on Windows XP, which enables the WannaKey software to recover the PC.

The tool's author points out that the ransomware attackers used the Windows Crypto API properly, and that this anomaly seems to be exclusive to Windows XP. Although 90 percent of NHS organizations still have Windows XP on some machines, only five percent of all NHS machines run Windows XP.