SoylentNews is people

posted by cmn32480 on Friday May 19 2017, @11:56AM
from the maybe-there-is-hope dept.

Various news outlets report the release of Wannakey, a decryption utility for files encrypted by the WannaCry ransomware. According to the author of the software, it "has only been tested and known to work under Windows XP."

From the Wired article noted below:

Now one French researcher says he's found at least a hint of a very limited remedy. The fix still seems too buggy, and far from the panacea WannaCry victims have hoped for. But if Adrien Guinet's claims hold up, his tool could unlock some infected computers running Windows XP, the aging, largely unsupported version of Microsoft's operating system, which analysts believe accounts for some portion of the WannaCry plague.

[...] Guinet says he's successfully used the decryption tool several times on test XP machines he's infected with WannaCry. But he cautions that, because those traces are stored in volatile memory, the trick fails if the malware or any other process happened to overwrite the lingering decryption key, or if the computer rebooted any time after infection.

Coverage:

Previous stories:
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by kaszz on Friday May 19 2017, @04:43PM (2 children)

    by kaszz (4211) on Friday May 19 2017, @04:43PM (#512248) Journal

    How long is the key, btw? And what algorithm does it use?

    As the hack only works when not rebooting, maybe next time people could trigger suspend to disc or such to preserve the necessary data?

    At least some memory dumper would be handy. I'll presume core can't be dumped on Windows..

  • (Score: 2) by edIII on Friday May 19 2017, @10:13PM (1 child)

    by edIII (791) on Friday May 19 2017, @10:13PM (#512410)

    There ain't shit anybody can do once you have an elevated process encrypting files. We've designed it so that an elevated process encrypting files is protected against tampering and snooping :) Gaining access to keys after the fact is a major problem for you, not so much for the attackers. So we've done our best to lock that out. How well that is done on XP is anyone's guess, but the fact a decrypt utility exists for XP is telling.

    The big two problems?

    1) Running as administrator.
    2) Running attachments in email.

    The fundamental problem? Running Microsoft at all. It was great growing up, I still really enjoy the interface, but it is an old insecure toy now that needs to be put away by the adults. I'd have more respect for Microsoft if it completely broke with compatibility and designed a new OS (without telemetry).

    Regardless of OS though, if you have a long enough backup window with versioning control there is nothing people can do to you like this. I'm completely safe and secure. If my system locked up now with a ransom, I would just laugh my ass off. I would be pretty upset they got a copy, but not worried about me having continued access.

    No different than recovering data deleted by an employee upset on termination day.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 2) by kaszz on Friday May 19 2017, @11:34PM

      by kaszz (4211) on Friday May 19 2017, @11:34PM (#512436) Journal

      People can put away Microsoft, I would say it's technically doable now. Microsoft security sucks but that doesn't happen unless someone is choosing the crap. And there's a tendency for people doing the Windows thing to be less competent in security than for other systems.

      So the problem boils down to people. And that would mean there are types of people that should not handle IT systems.