French Researchers Find Last-ditch Cure To Unlock WannaCry Files

French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up victims' computers first infected a week ago. From a report: WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection. A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed. The researchers warned that their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently. Also see: Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom.

A different decription from the other decryption?

[Geoffrey.landis]

what about this one? https://yro.slashdot.org/story... [slashdot.org]

Re:

[lorinc]

what about this one? https://yro.slashdot.org/story... [slashdot.org]

This one is a backup in case the first one gets encrypted!

More to point: the old method worked only for WinXP, this one also for Win7.

Re:

[Geoffrey.landis]

... I see that /. has now added a link to that earlier /. story to the summary.

Re:French?

[Jzanu]

No, I'm afraid this is an instance of the American's surrendering and the French fighting. In other words, this reflects more of reality as America fails at not just its international obligations but even its intra-national ones. In contrast France actively fights terrorist groups in Mali and Niger so that they don't link in Nigeria and create a greater problem for the western world.

Topically, this is a sign of the strength of the French university system superseding the American system in one of the most important fields for future security.

Re:French?

[Jzanu]

I'm German you fucking idiot - go troll somewhere else. Look up, I replied to the idiocy of another poster with information from reality. If you consider that a problem then perhaps you need some mental health treatment. Reality isn't flexible, and it is what it is.

Re: French?

[Brockmire]

He just needs a Snickers.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[thegarbz]

Accusing a person of something he didn't say.
Claiming that he offers no solutions where actually the entire post was about an example which could be followed.
Accusing the person of affecting all humanity right after suggesting he only hates Americans for talking up someone else.
Claiming to have a false sense for sorrow for reasons unknown.
Accusing a foreigner that it's their fault for Trump being in office.
Then claiming you made a point.

Actually you made 5 points. None of them made sense.

One more point. You

Re:

[Gravis Zero]

No, I'm afraid this is an instance of the American's surrendering and the French fighting.

You aren't entirely wrong but I think it's important to remember that the US was hit very hard by this virus. There is no glory to be had and no incentive to continue working on the problem.

In contrast France actively fights terrorist groups in Mali and Niger so that they don't link in Nigeria and create a greater problem for the western world.

I think it's hilarious that you think we aren't doing enough to fight terrorism because we've practically destroyed ourselves with the level of military investment we've made just to kill some jerks in caves.

Re:

[Gravis Zero]

the US was not hit very hard by this virus

FTFY

Re:

[thegarbz]

Wait what? Fixed That For Who? :-)

Re:

[Jzanu]

Regardless this is still a sign of the US isolationism causing it to fall in status and capability despite the growing need for information security response. Expense and effectiveness are different things. The French mission in Mali has succeeded through well organized management and brought greater stability and safety to the region. It started 4 years ago and continues even now as a unilateral mission, and the French have a military budget less than 2% of their GDP [telegraph.co.uk]. That article is about the need to incr

Re:

[Gravis Zero]

Largely this is through ferreting all corruption out of military procurement, and if similar efforts are made then the US could achieve comparable results for cost and do more with the same budget.

I agree completely. However, I think that our money would be better spent raising the standard of living and education globally than eternally fighting a small number of people. People don't get sucked into murdering others when their life is great and the future is hopeful. If you think it's an intrinsic part of the religion itself then you are an advocate for genocide.

Side note

[93 Escort Wagon]

From TFA:

"This is not a perfect solution," Suiche said. "But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups"

If an "enterprise" didn't already have a backup solution in place, their CIO - and relevant members of their IT staff - should be fired.

Protect yourself vs. WanaCry easily

[Anonymous Coward]

From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:

Disable SMBv1 on the SERVER, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB1

REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled

Default: 1 = Enabled

Enable SMBv2 on the SERVER, configure the following registry key:

Registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB2

REG_DWORD: 0 = Disab

Re:

[mark-t]

Indeed... I would liken the restriction that it only works if the machine hasn't been rebooted since infection to saying that while you can't prevent headaches, you can cure one you already have only as long as it hasn't already bothered you enough to want to do something about it.

For all practical purposes, this "cure" is at best only applicable for people who have yet to be infected, and can apply the mechanism immediately, it is about as worthless as dirt to virtually all those who have already been i

This is all overblown

[Anonymous Coward]

Just for kicks last weekend I put a completely unpatched Windows 10 machine, installed from a June 2016 RTM, on the Internet, 100% exposed. No NAT firewall. No Windows Firewall. No AV. No anti-malware. No nothing. Public IP. I even went so far as to enable insecure RDP and install a VNC server with NO authentication on the standard port.

Almost a week later, there is nothing unusual happening on that machine. No unusual network traffic (almost none at all, actually). File checksums for all windows components

Re:

[rsmith-mac]

I figured after the scary story about Windows machines being infected by WannaCry in MINUTES, I could have some fun with it. But no. This machine is still sitting there perfectly fine. None of the random documents I put on it have been encrypted. No signs of infection by anything.

Windows 10 is not vulnerable to the worm propagation mechanism of WannaCry. The exploit is mitigated (though not truly resolved) as part of the overall security hardening done throughout the OS.

Only Windows Vista, 7, and 8 are vuln

Racing Against Time, not really

[n329619]

The victims might be watching the timer, but the researchers can change the BIOS clock and create backups for their research.