Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Friday May 19 2017, @11:56AM   Printer-friendly
from the maybe-there-is-hope dept.

Various news outlets report the release of
Wannakey, a decryption utility for files encrypted by the WannaCry ransomware. According to the author of the software, it "has only been tested and known to work under Windows XP."

From the Wired article noted below:

Now one French researcher says he's found at least a hint of a very limited remedy. The fix still seems too buggy, and far from the panacea WannaCry victims have hoped for. But if Adrien Guinet's claims hold up, his tool could unlock some infected computers running Windows XP, the aging, largely unsupported version of Microsoft's operating system, which analysts believe accounts for some portion of the WannaCry plague.

[...] Guinet says he's successfully used the decryption tool several times on test XP machines he's infected with WannaCry. But he cautions that, because those traces are stored in volatile memory, the trick fails if the malware or any other process happened to overwrite the lingering decryption key, or if the computer rebooted any time after infection.

Coverage:

Previous stories:
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by nobu_the_bard on Friday May 19 2017, @03:03PM (3 children)

    by nobu_the_bard (6373) on Friday May 19 2017, @03:03PM (#512207)

    Actually you could blame Microsoft of that aspect; it wouldn't have been a problem if Windows XP could still get updates automatically. The original patches were released in March; XP and Vista probably had patches created around that time as well because of the extended life contracts some large corporations and governments have with them. They could have just pushed it automatically if they hadn't taken down the public update mechanisms. Tons of systems would have been updated for months before the ransomware hit. Instead, the patches need to be installed manually, and were only released as a response to the malware on a Saturday, so many many systems did not get patched until well after the ransomware was crippled.

    Also the patch doesn't work great on Windows Server 2003 systems, or so that has been my experience. Had to leave a few systems unpatched after I rolled back the update... Though this might partly be from the applications those servers are running being extremely fiddly.

    Windows 10 (and 7/8/8.1/etc) had the updates available in March. I had very few newer systems I had to worry about because of that.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by bob_super on Friday May 19 2017, @04:45PM (1 child)

    by bob_super (1357) on Friday May 19 2017, @04:45PM (#512249)

    Yes, you could blame MS for not wanting to support a 16-year-old system with ever-declining users, and dedicating their resources to making sure patches don't break it for those rare users who do bother to patch.
    But that would put you at odds with the realities of running a profitable company.

    • (Score: 2) by butthurt on Friday May 19 2017, @11:18PM

      by butthurt (6141) on Friday May 19 2017, @11:18PM (#512433) Journal

      > [...] you could blame MS for not wanting to support a 16-year-old system [...]

      According to the tabloids, Microsoft, as recently as 2015, offered--for a fee--support for Windows XP (which isn't quite 16 years old). They imply that the support is still available:

      The Government Digital Service, set up by David Cameron , decided not to extend a £5.5million one-year support deal with Microsoft for Windows XP.

      -- http://www.mirror.co.uk/news/uk-news/tories-cut-security-support-outdated-10413160 [mirror.co.uk]

      Windows XP - which was released more than 15 years ago - is still used in hospitals across Britain despite it no longer being serviced by Microsoft.

      Up until 2015 the government had a special support deal which meant the computer manufacturer provided security updates for the software.

      But the £5.5million contract was scrapped [...]

      -- http://www.dailymail.co.uk/news/article-4503522/Government-scrapped-support-NHS-two-years-ago.html [dailymail.co.uk]

      > [...] with ever-declining users [...]

      As of November 2016, Windows XP desktop market share makes it the fourth most popular Windows version after Windows 7, Windows 10 and Windows 8.1. Windows XP is still very popular in some countries; Africa as a whole and in Asia, e.g. in China, with it running on one third of desktop computers (and highest ranked in North Korea).

      -- https://en.wikipedia.org/wiki/Windows_XP [wikipedia.org]

      > But that would put you at odds with the realities of running a profitable company.

      A 2015 IDG News Service article corroborates the tabloids

      The Space and Naval Warfare Systems Command, which runs the Navy's communications and information networks, signed a $9.1 million contract earlier this month for continued access to security patches for Windows XP, Office 2003, Exchange 2003 and Windows Server 2003.

      The entire contract could be worth up to $30.8 million and extend into 2017.

      -- http://www.computerworld.com/article/2939435/government-it/us-navy-paid-millions-to-stay-on-windows-xp.html [computerworld.com]

  • (Score: 2, Insightful) by toddestan on Saturday May 20 2017, @02:49AM

    by toddestan (4982) on Saturday May 20 2017, @02:49AM (#512500)

    Even more curious is Vista. If they patched 7/8.1/10 in March, then why wasn't a patch pushed out to Vista too? Vista was still in extended support until mid-April. The end might have been close, but Microsoft should have made the patch available.