Skip to content

May 20, 2017

There’s an easy fix for WannaCry, if you haven’t rebooted yet

by John_A

There’s a glimmer of hope for a specific subset of victims in the WannaCry hack. Security researchers have released a fix that gets rid of the ransomware and restores a device’s files, though it only works on Windows XP to Windows 7, and only on computers that have not been rebooted since the infection.

The fix is called wanakiwi and it comes from security researcher Benjamin Delpy. The program scours a computer’s memory for prime numbers, the foundation of encryption, and then uses those to generate unlock keys for the encrypted files. (Restarting the computer could erase these prime numbers.) This ingenious little tool is based on Adrien Guinet’s wannakey, which was designed to recover Windows XP keys.

WannaCry is the largest ransomware attack in history, and it isn’t over yet. It was unleashed on 300,000 computers in more than 150 countries on May 12th, briefly locking down the United Kingdom’s National Health Service and thousands of other major institutions around the globe. The ransomware demands $300 (in bitcoin) to restore the infected device’s files, and it gives victims one week to pay. Today, the first deadlines are up.

WannaCry infects computers running outdated versions of Windows — Microsoft released a patch for the exploit in March, but that doesn’t protect people or businesses who don’t automatically update, or anyone using pirated software.

Hackers lifted the program from the National Security Agency, which originally called the vulnerability “Eternalblue.” A group named The Shadow Brokers claims to have stolen hacking secrets from the NSA and has been publishing these tools online.

Copycat hacks have been popping up since WannaCry went live, and the program itself is evolving as security firms attempt to block it.

Via: CNET

Source: comae

Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: