
French Researchers Find Last-ditch Cure To Unlock WannaCry Files

French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up victims' computers first infected a week ago. From a report: WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection. A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed. The researchers warned that their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently. Also see: Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom.
  • Side note (Score:3, Insightful)

    by 93 Escort Wagon ( 326346 ) on Friday May 19, 2017 @11:52AM (#54448925)

    From TFA:

    "This is not a perfect solution," Suiche said. "But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups"

    If an "enterprise" didn't already have a backup solution in place, their CIO - and relevant members of their IT staff - should be fired.

  • by Anonymous Coward

    From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:

    Disable SMBv1 on the SERVER, configure the following registry key:

    Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    Registry entry: SMB1

    REG_DWORD: 0 = Disabled
    REG_DWORD: 1 = Enabled

    Default: 1 = Enabled

    Enable SMBv2 on the SERVER, configure the following registry key:

    Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    Registry entry: SMB2

    REG_DWORD: 0 = Disab
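
The registry settings listed in the comment above, as an added PowerShell example that is not part of the original comment: it reports the current SMB1 and SMB2 server values and changes them only when asked. The `-Apply` switch name is hypothetical, and the script assumes an absent value means the default of 1 (enabled) for both entries.

```powershell
# Added example: audit (and optionally set) the SMB server registry values
# named in the comment. Run from an elevated prompt on the host being checked.
param([switch]$Apply)   # hypothetical switch: without it, nothing is changed

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Desired state from the comment: SMB1 = 0 (disabled), SMB2 = 1 (enabled).
$desired = [ordered]@{ SMB1 = 0; SMB2 = 1 }

$report = foreach ($name in $desired.Keys) {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Assumption: a missing entry means the default applies (1 = Enabled).
        $current = 1
        $source  = 'default (value absent)'
    } else {
        $current = [int]$item.$name
        $source  = 'registry'
    }
    [pscustomobject]@{
        Entry   = $name
        Current = $current
        Source  = $source
        Desired = $desired[$name]
        OK      = ($current -eq $desired[$name])
    }
}

# Keep the objects in $report; format only for display.
$report | Format-Table -AutoSize

if ($Apply) {
    foreach ($row in ($report | Where-Object { -not $_.OK })) {
        # Write the value explicitly as a REG_DWORD, as the comment specifies.
        Set-ItemProperty -Path $key -Name $row.Entry -Value $row.Desired -Type DWord
        Write-Output "Set $($row.Entry) = $($row.Desired). Restart the machine for the change to take effect."
    }
}
```

Run without `-Apply` first to see which entries are explicitly set and which are relying on the default.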

  • by Anonymous Coward

    Just for kicks last weekend I put a completely unpatched Windows 10 machine, installed from a June 2016 RTM, on the Internet, 100% exposed. No NAT firewall. No Windows Firewall. No AV. No anti-malware. No nothing. Public IP. I even went so far as to enable insecure RDP and install a VNC server with NO authentication on the standard port.

    Almost a week later, there is nothing unusual happening on that machine. No unusual network traffic (almost none at all, actually). File checksums for all windows components

    • I figured after the scary story about Windows machines being infected by WannaCry in MINUTES, I could have some fun with it. But no. This machine is still sitting there perfectly fine. None of the random documents I put on it have been encrypted. No signs of infection by anything.

      Windows 10 is not vulnerable to the worm propagation mechanism of WannaCry. The exploit is mitigated (though not truly resolved) as part of the overall security hardening done throughout the OS.

      Only Windows Vista, 7, and 8 are vuln

  • The victims might be watching the timer, but the researchers can change the BIOS clock and create backups for their research.
