A Last-Ditch Effort for a WannaCry Ransomware Cure

Fagjun | Published 2017-05-20 06:38

There is confirmation that a team of French researchers has found a WannaCry ransomware cure, just as the first deadline for ransom nears.

The ransomware hit computers around the world last week, crippling businesses and important institutions in many countries. Once the ransomware infects a computer, it encrypts important files and renders them inaccessible to the user. A message will then appear, explaining what has happened and that the user must pay a ransom to regain access to the files. The message instructs victims to pay $300 worth of Bitcoin in three days, after which the ransom will double. If victims fail to pay within seven days, they “won't be able to recover [their] files forever”.

As that seven-day deadline neared, researchers made a last-ditch attempt at finding a way to regain encrypted files without paying the ransom.

The Only Workable WannaCry Ransomware Cure

Infected computers display this message from the criminals behind the ransomware attacks.
[Image by SecureList / AO Kaspersky Lab]

It was researchers Adrien Guinet, Matthieu Suiche, and Benjamin Delpy who found a WannaCry ransomware cure. Independent security researchers have confirmed the validity of the cure. This cure is a free software tool called “wanakiwi” that the researchers have tested on computers running Windows XP. It can work on other operating systems like Windows 7 as well. There have been reports that almost all of the virus's victims were Windows 7 users.

Guinet published the theoretical technique for decryption, while Delpy turned the technique into a practical file. Suiche tested the cure and made it compatible with all Windows operating systems.

However, the cure comes with a couple of conditions. First, users should apply the cure before the ransomware permanently locks up the files. This means that users should apply the cure before the seven-day deadline. Second, the infected computer should not have been rebooted since infection.

The second condition is what may make this cure ineffective for many victims. Many of those victims have probably rebooted their computers soon after the virus hit. Also, companies have probably accessed their backup files to keep their operations going. Thus, the cure may not be of much help for many of the victims.

The solution therefore isn't perfect. However, at least for now, it's the only workable WannaCry ransomware cure we've got.
