Frenchmen claim cure for WannaCry-infected computers

May 19, 2017
Credit: CC0 Public Domain

French researchers have released software tools that they claim can restore some of the computers locked up by a global cyberattack that held users' files for ransom.

The researchers said, however, that the tools are not perfect and only if the computers infected with the WannaCry ransomware have not been rebooted after being hit. For that reason, the technique isn't likely to help many people. In addition, companies needing to restore their operations right away likely would have turned to backups, if available, by now.

The developments came Friday, the apparent deadline for owners of some to pay a ransom of up to $600 or lose their files forever. As of Friday, the three accounts known to collect ransom payments had received less than $100,000 worth of the cybercurrency bitcoin, an amount that security researchers say is small compared with how widely WannaCry spread.

The researchers—Adrien Guinet, Matthieu Suiche and Benjamin Delpy—worked separately to find ways to decrypt files scrambled and held hostage by WannaCry.

In his research summary, Guinet—who works for the Paris-based firm Quarkslab—said his software had only been tested to work under Windows XP. He added the software helps recover the prime numbers of the RSA private key that are used by WannaCry.

After Guinet's fix came out, others looked for ways to extend that to other operating systems and have succeeded in applying the technique to the newer Windows 7 system as well.

Chris Wysopal, with the security company Veracode, said that after ransomware attacks, researchers will often infect one of their own machines on purpose to see if the key is somehow left in the memory. That happened here with some systems of Windows.

Explore further: Explainer: What is ransomware?

More information: blog.comae.io/wannacry-decrypt … wi-demo-86bafb81112d

Related Stories

Explainer: What is ransomware?

May 13, 2017

Computers across the world were locked up Friday and users' files held for ransom when dozens of countries were hit in a cyber-extortion attack that targeted hospitals, companies and government agencies.

Alarm grows over global ransomware attacks

May 12, 2017

Security experts expressed alarm Friday over a fast-moving wave of cyberattacks around the world that appeared to exploit a flaw exposed in documents leaked from the US National Security Agency.

Recommended for you

New method analyzes corn kernel characteristics

November 17, 2017

An ear of corn averages about 800 kernels. A traditional field method to estimate the number of kernels on the ear is to manually count the number of rows and multiply by the number of kernels in one length of the ear. With ...

Optically tunable microwave antennas for 5G applications

November 16, 2017

Multiband tunable antennas are a critical part of many communication and radar systems. New research by engineers at the University of Bristol has shown significant advances in antennas by using optically induced plasmas ...

2 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

TrollBane
3 / 5 (2) May 19, 2017
My friend Arthur says to tell the French men that we've already got one...
ZergSurfer
5 / 5 (1) May 19, 2017
This only works if the machine hasn't been rebooted. It's been a week...
I suppose it was a worthwhile exercise, the technique might help in the future.
@TrollBane, your father smelt of elderberries!

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.