Frenchman claims cure for WannaCry-infected computers

  • Frenchman claims cure for WannaCry-infected computers

Frenchman claims cure for WannaCry-infected computers

PARIS — French researchers have released software tools that they claim can restore some of the computers locked up by a global cyberattack that held users' files for ransom. Guinet works as a security expert, Suiche is an internationally known hacker, and Delphy took part at night, in his spare time, outside his day job at the Banque de France.

Adrien Guinet, who works for a Paris-based firm called Quarkslab, says however that the tool is not ideal and only works if the infected computers have not been rebooted after being hit by the program.

WannaCry encryption creates two keys - "public" and "private" - that are based on prime numbers and are responsible for encrypting and decrypting the system's files respectively.

However, he warns the method may not work for all the victimsn and one of the primary reasons is that if the machine was rebooted after the attack.

Guinet also said the software may not work on machines running on Windows 10 as the prime numbers are deleted there.

Benjamin Delpy developed the WanaKiwi tool, available for free download here, which simplifies the decryption process somewhat and is applicable to infected computers that run the Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.

The developments came Friday, the apparent deadline for owners of some infected machines to pay a ransom of up to $600 or lose their files forever.

Chris Wysopal, chief technology officer with the software security company Veracode, says after ransomware attacks, researchers will often infect one of their own machines on objective to see if the key is somehow left in the memory.