Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom

An anonymous reader quotes a report from Ars Technica: Owners of some Windows XP computers infected by the WCry ransomware may be able to decrypt their data without making the $300 to $600 payment demand, a researcher said Thursday. Adrien Guinet, a researcher with France-based Quarkslab, has released software that he said allowed him to recover the secret decryption key required to restore an infected XP computer in his lab. The software has not yet been tested to see if it works reliably on a large variety of XP computers, and even when it does work, there are limitations. The recovery technique is also of limited value because Windows XP computers weren't affected by last week's major outbreak of WCry. Still, it may be helpful to XP users hit in other campaigns. "This software has only been tested and known to work under Windows XP," he wrote in a readme note accompanying his app, which he calls Wannakey. "In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!"

Well done sir.

[JamesKeane7745]

Why is everyone so down on this?

Yes, it only works on limited OS install numbers
Yes, you have to be lucky

But someone has devoted his time and effort to find a way to rollback some of the damage cause by a major bit of malware. It may only be for a small subset, but he has published the code (we're all for that here, right?) so maybe it may inspire someone else, with a knowledge of memory allocation and cleanup on a different target platform, who may then have a light bulb moment!

Try cracking a smile once in a while, not everything needs a scowl.