HOW WE PROCESS

1 Submit your enquiry.
2 We will get back to you and review your enquiry.
3 We Simulate Penetration testing

If you still have problems, please let us know, by sending an email to support@cybermetrix.co.uk Thank you!

OPENING HOURS

Mon-Fri 9:00AM - 6:00AM
Sat - 9:00AM-5:00PM
Sunday - Appointment only
GET A QUOTE

A WannaCry Flaw Could Help Some Victims Get Files Back

Posted on by Christian Hendrix
wannacry - A WannaCry Flaw Could Help Some Victims Get Files Back

Since the WannaCry ransomware ripped through the internet late last week, infecting hundreds of thousands of machines and locking up critical systems from health care to transportation, cryptographers have searched for a cure. Finding a flaw in WannaCry’s encryption scheme, after all, could decrypt all those systems without any ransom.

Now one French researcher says he’s found at least a hint of a limited remedy. The fix still seems far from the panacea WannaCry victims have hoped for. But if Adrien Guinet’s claims hold up, his tool could unlock some infected computers running older versions of Windows which analysts believe account for some portion of the WannaCry plague.

On Friday, Guinet released “WannaKey” to the open source code repository Github. Guinet, who works for the Paris-based security firm QuarksLab, says the software can pull traces of a private key from the memory of a Windows XP computer, which can then be used to decrypt a WannaCry-infected PC’s files. Within 24 hours, another pair of French researchers, Benjamin Delpy and Matt Suiche, say they’ve now adapted the tool to work on Windows 7, too.

What Makes Healthcare Such an Attractive Target?

Guinet says he initially tried the decryption tool with success on several XP test machines he’d infected with WannaCry. But he cautioned that, because those traces are stored in volatile memory, the trick fails if the malware or any other process happened to overwrite the lingering decryption key, or if the computer rebooted any time after infection.

In particular, Guinet warns any XP WannaCry victims who might still be able to recover their files to leave the computer untouched until they can run his program. “Do not reboot your computer, and try this!” he wrote in a followup email.

From a criminal’s perspective, healthcare records are a golden goose. They contain all the information necessary for medical identity fraud, an extremely lucrative crime. And they sell for up to ten times the price of stolen credit card numbers on the black market.

On Friday morning, Comae Technologies founder Matt Suiche wrote that he’d tested out WannaKey’s decryption method too, and with fellow researcher Benjamin Delpy even adapted it into a tool called WannaKiwi that works on Windows 7. Other researchers who looked at WannaKey’s code and Guinet’s notes on Github and Twitter say it seems to leverage a genuine flaw in WannaCry’s otherwise airtight encryption—at least in older versions of Windows. “It looks legit,” says cryptography-focused Johns Hopkins computer science professor Matthew Green. But he warns that whether it works for any specific victim will be partly a matter of chance. “It’s kind of a lottery ticket right now,” Green says.

sans titre 2 - A WannaCry Flaw Could Help Some Victims Get Files Back

Christian Hendrix

Cybersecurity Analyst at Cybermetrix
Christian is passionate about cybersecurity, personal and fair. he brings new ideas and challenge things that could be better. His is to be responsible for the monitoring and analysing of cyberthreats activity for cybermetrix customers systems and the external environment to identify, understand and react to relevant activity. Passionate about Cybersecurity he brings the most relevants blogs articles for Cybermetrix.
sans titre 2 - A WannaCry Flaw Could Help Some Victims Get Files Back
(Visited 20 times, 1 visits today)
Don’t Pin the Macron Email Hack on Russia

Leave a Reply

Be the First to Comment!

Notify of
avatar
wpDiscuz

Cybermetrix cybersecurity group
Our experts will provide the best advice and cybersecurity service in a quick response.

Cybermetrix cybersecurity group
INCIDENT RESPONSE

Our experts will provide the best advice and cybersecurity service in a quick response.

  • SALES ENQUIRY

    04324324///
  • Cyber Incident Helpline

    07804325///
  • EMAIL US

    sales@cybermetrix.co.uk
TOP
Download Free 10 Tips to secure your company PDFGET IT NOW
+