French Researchers Find Last-ditch Cure To Unlock WannaCry Files (reuters.com)
French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up victims' computers first infected a week ago. From a report: WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection. A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed. The researchers warned that their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently. Also see: Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom.
No, I'm afraid this is an instance of the Americans surrendering and the French fighting. In other words, this reflects more of reality as America fails at not just its international obligations but even its intra-national ones. In contrast, France actively fights terrorist groups in Mali and Niger so that they don't link in Nigeria and create a greater problem for the western world.
Topically, this is a sign of the strength of the French university system superseding the American system in one of the most important fields for future security.
All signs point to this being another attempt by Microsoft to get people to upgrade to Windows 10, not an actual piece of malware to produce money from the malware itself.
Just for kicks last weekend I put a completely unpatched Windows 10 machine, installed from a June 2016 RTM, on the Internet, 100% exposed. No NAT firewall. No Windows Firewall. No AV. No anti-malware. No nothing. Public IP. I even went so far as to enable insecure RDP and install a VNC server with NO authentication on the standard port.
Almost a week later, there is nothing unusual happening on that machine. No unusual network traffic (almost none at all, actually). File checksums for all Windows components are still the same. No new DLLs on the system. No record of anyone even connecting to the completely open and unprotected VNC server.
I figured after the scary story about Windows machines being infected by WannaCry in MINUTES, I could have some fun with it. But no. This machine is still sitting there perfectly fine. None of the random documents I put on it have been encrypted. No signs of infection by anything.
Sad!