You have commented 339 times on Rantburg.

Your Name
Your e-mail (optional)
Website (optional)
My Original Nic        Pic-a-Nic        Sorry. Comments have been closed on this article.
Bold Italic Underline Strike Bullet Blockquote Small Big Link Squish Foto Photo
Submit your comments on this article
-Lurid Crime Tales-
French team finds way to unlock computers infected with WannaCry virus as ransom deadline looms
2017-05-20
[Telegraph] French researchers have found a way to save Windows files encrypted by the WannaCry virus, racing against a deadline as the ransomware threatens to start locking up victims' computers first infected a week ago.

WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 (£230 to £460) within one week of infection.

A loose-knit team of security researchers scattered across the globe have revealed they have collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed.

But the researchers said their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently.

Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning all affected PCs.
The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, whose day job is at the Banque de La Belle France.

Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning all affected PCs.

"This is not a perfect solution," Suiche said. "But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups" which allow users to restore data without paying black-mailers.

As of Wednesday, half of all internet addresses corrupted globally by WannaCry were located in China and Russia, with 30 and 20 percent of infections, respectively, according to data supplied by threat intelligence firm Kryptos Logic.

By contrast, the United States accounts for 7 percent of WannaCry infections while Britannia, La Belle France and Germany each represent just 2 percent of worldwide attacks, Kryptos said.

Only 309 transactions worth around $94,000 appear to have been paid into WannaCry blackmail accounts, seven days after the attack began - just under one in 1,000 of the estimated victims.
In a box the Telegraph asks whether WannaCry can be removed without paying, and answers:
Yes, by using advanced anti-malware software. The malware can also be removed manually with a computer in "safe mode", however security experts warn this runs the risk of damage to a PC as users must go through sensitive system files in order to find and isolate files created by the Wanna Decryptor software.
Posted by:trailing wife

#3  I have considered returning to ME so the hacker's system also crashes.
Posted by: swksvolFF   2017-05-20 13:12  

#2  Vista, XP back in the old days was notoriously easy to infect. To roll the dice by hackers to target such vulnerable operating systems these days had to seem like long shot to them. There are so many newer operating systems now in use. But it did pay off.
Posted by: Blackbeard Omort5851   2017-05-20 01:07  

#1  And the solution only costs $500.
Posted by: gorb   2017-05-20 01:07  

00:00