• Newsletters
  • Facebook
  • Twitter
°
Wednesday, May 24, 2017
View complete forecast
News-Sentinel.com Your Town. Your Voice.

Frenchmen claim cure for WannaCry-infected computers

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.The Associated Press
Friday, May 19, 2017 02:51 pm

PARIS French researchers have released software tools that they claim can restore some of the computers locked up by a global cyberattack that held users' files for ransom.

The researchers said, however, that the tools are not perfect and work only if the computers infected with the WannaCry ransomware have not been rebooted after being hit. For that reason, the technique isn't likely to help many people. In addition, companies needing to restore their operations right away likely would have turned to backups, if available, by now.

The developments came Friday, the apparent deadline for owners of some infected machines to pay a ransom of up to $600 or lose their files forever. As of Friday, the three accounts known to collect ransom payments had received less than $100,000 worth of the cybercurrency bitcoin, an amount that security researchers say is small compared with how widely WannaCry spread.

The researchers Adrien Guinet, Matthieu Suiche and Benjamin Delpy worked separately to find ways to decrypt files scrambled and held hostage by WannaCry.

In his research summary, Guinet who works for the Paris-based firm Quarkslab said his software had only been tested to work under Windows XP. He added the software helps recover the prime numbers of the RSA private key that are used by WannaCry.

After Guinet's fix came out, others looked for ways to extend that to other operating systems and have succeeded in applying the technique to the newer Windows 7 system as well.

Chris Wysopal, chief technology officer with the software security company Veracode, said that after ransomware attacks, researchers will often infect one of their own machines on purpose to see if the key is somehow left in the memory. That happened here with some systems of Windows.

Comments

News-Sentinel.com reserves the right to remove any content appearing on its website. Our policy will be to remove postings that constitute profanity, obscenity, libel, spam, invasion of privacy, impersonation of another, or attacks on racial, ethnic or other groups. For more information, see our user rules page.
comments powered by Disqus