Frenchmen claim cure for WannaCry-infected computers

Posted May 20, 2017

PARIS — A French researcher has released a software tool that he claims can restore some of the computers infected by the WannaCry ransomware.

Like Wannakey, wanakiwi takes advantage of shortcomings in the Microsoft Cryptographic Application Programming Interface that WCry and other Windows applications use to generate keys for encrypting and decrypting files.

Adrien Guinet, Matthieu Suiche, Benjamin Delpy, are among the people who have worked together to sort the issue out.

The researchers cautioned that their solution only works in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently.

The tool may be helpful for XP users infected with WannaCry, but a similar tool for Windows 7 is likely to have a bigger impact at sites such as the UK NHS hospitals that were hit hard by the recent ransomware attack. And, it turns out, for all the hype surrounding your grandpa's taste in operating systems, it wasn't Windows XP that was the problem. And it won't work at all if you've rebooted your computer since the WannaCry infection, or if you're running Windows 8, 8.1 or 10. Delpy added that so far, banking, energy and some government intelligence agencies from several European countries and India had contacted him regarding the fix.

Nevertheless, victims of WannaCry can now bank on a third-party decrypting tool called "Wannakey", which enables affected users to decrypt or patch the ransomware attack on Windows.

One week after it first hit, researchers are getting a better handle on how the WannaCry ransomware spread so quickly - and judging from the early figures, the story seems to be nearly entirely about Windows 7. But in order for it to find the numbers, Suiche said, you have to "cross fingers that your prime numbers haven't been overwritten", which would happen if you tried to restart your computer at any time after it was infected.

By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said. The news comes as a relief as this will allow companies and personnel with vital data on affected computers to save them, without having to pay out the required ransom.