French researchers create new tool to protect computers from WannaCry ransomware
May 22, 2017
A team of French researchers has come up with a new technique to prevent computers from being victimised by WannaCry ransomware.
French researchers claim their new technique can help save computers from getting locked out permanently within a week of initial infection.
The researchers in question have worked out a way to decrypt files which have so far been encrypted by the ransomware. The method has been found to be effective in protecting a number of systems running Windows XP, Windows 2003 and Windows 7 operating systems. According to security expert Mathieu Suiche, it can also protect systems running Windows Vista and Windows 2008, thus protecting almost every version of Windows which are vulnerable to WannaCry.
Christened 'wannakey', the new tool makes use of prime numbers to recompute the key itself instead of looking for the actual key behind WannaCry which can be a long-drawn process. The hackers behind WannaCry have so far extorted $94,000 from victims around the world and the researchers aim to prevent other victims from paying ransom to save their computers.
"Wanakiwi also recreates the .dky files expect from the ransomware by the attackers, which makes it compatible with the ransomware itself too. This also prevents the WannaCry to encrypt further files," said Suiche, while adding that the researchers have so far been able to decrypt as many as 10,000 computers across the world.
However, there's a catch. The software tool can only work in systems which have not been rebooted by users after they were infected by WannaCry. It will also not work in systems where users have applied the fix before their systems were infected by the malware. Europol has confirmed that it has tested the tool and that it was "found to recover data in some circumstances."
"This is not a perfect solution. But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups," Suiche added.
Benjamin Delpy, one of the French researchers and an employee of the Banque De France, said that several banks, energy companies, and intelligence agencies from Europe and India have contacted them to use the software tool to decrypt their own systems.
Aside from personal and work PCs running older versions of the Windows operating system, the WannaCry ransomware has also affected a number of Windows-based medical devices in the United States and elsewhere. According to a recent Forbes report, a number of healthcare companies in the United Sates are now working at a frantic pace to build new patches for devices affected by cyber-attacks. At the same time, they are also issuing advisories and warnings on the susceptibility of medical devices to future cyber-attacks.
"I suspect that many hospital administrators may not recognize the danger from using outdated software on these devices and simply avoid patching because the device works. This “If it ain’t broke don’t try to fix it” mentality can be tremendously detrimental to hospital security," said Craig Young, a security researcher at Tripwire. He also emphasised that hospital staff and healthcare firms do not really appreciate the significant dangers that cyber-attacks pose on patient health and overall costs.