Paul Pratley, of United Kingdom consulting firm MWR InfoSecurity, told Reuters that WannaCry’s ability to infect other computers on the same network without human intervention appeared to be tailored to Windows 7. The program now also includes a built-in version of wanadecrypt, meaning it can both recover the key and use it to decrypt the files automatically, making it easier for less technically adept victims to use as a means of recovering their files. However, the researchers noted that the solution works only under specific conditions, for instance, if the user applied the fix before WannaCry carried out its threat to lock up their data and if victims had not rebooted their computers after the attack.
Raiu, director of Kaspersky’s global research and analysis team, tweeted: “#WannaCry infection distribution by the Windows version.”
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, according to Kaspersky Lab, a Russian cybersecurity provider. The tool succeeds because WannaCry uses the Windows Crypto API in a way that results in the prime numbers used to compute the private key not being removed from memory.
Out of all Windows 7 users, the worst hit were users running Windows 7 64-bit edition, accounting for more than 60% of all infections. And even then, security researchers caution, the tools still might not work with every type of infected system.
Once a device is infected with WannaCry, its files are encrypted and a ransom note appears on the screen.
Explaining in further detail on GitHub, he adds, “The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory”. The software fix is dubbed “wanakiwi” and is available for download.
Europol confirmed on Twitter its European Cybercrime Centre had tested the tool and found it “to recover data in some circumstances”.
While most of the world is talking about how their machines can be restored and safeguarded, another debate has recently flared up, shaming Microsoft for not rolling out timely security updates for its older operating systems that still power a significant number of PCs, most notably Windows XP.
A week ago, a ransomware strain dubbed WannaCry abused a security vulnerability in Microsoft’s Windows XP OS. Blocking systems and files until a ransom was paid, the ransomware deleted files within days if users refused to pay up.