Frenchman claims cure for WannaCry-infected computers

Posted May 20, 2017

The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, who helped out by night, in his spare time, outside his day job at the Banque de France.

French researchers have released software tools that they claim can restore some of the computers locked up by a global cyberattack that held users' files for ransom. When WannaCry hits computers, it generates an unlock key, which stays hidden in the memory until the PC's been rebooted.

A free tool which can undo the damage caused by the WannaCry ransomware on some computers is now available. The fix is for a very specific set of victims: people on versions from Windows XP to Windows 7 who haven't rebooted their infected computers.

Nevertheless, victims of WannaCry can now bank on a third-party decrypting tool called "Wannakey", which enables affected users to decrypt or patch the ransomware attack on Windows.

The researchers said, however, that the tools are not ideal and work only if the computers infected with the WannaCry ransomware have not been rebooted after being hit.

Suiche, based in the United Arab Emirates and one of the world's top security researchers, provided advice and testing to ensure the fix worked across all various versions of Windows.

The newly created software in fact tries to recover the prime numbers of the RSA private key which is used by the WannaCry.

"This is not a flawless solution". "But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups" which allow users to restore data without paying black-mailers. For first victims of attack, the one week's notice ended on Friday. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections.