Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Decryption Utility for WannaCry is Released

posted by cmn32480 on Friday May 19 2017, @11:56AM   Printer-friendly
from the maybe-there-is-hope dept.

butthurt writes:

Various news outlets report the release of
Wannakey, a decryption utility for files encrypted by the WannaCry ransomware. According to the author of the software, it "has only been tested and known to work under Windows XP."

From the Wired article noted below:

Now one French researcher says he's found at least a hint of a very limited remedy. The fix still seems too buggy, and far from the panacea WannaCry victims have hoped for. But if Adrien Guinet's claims hold up, his tool could unlock some infected computers running Windows XP, the aging, largely unsupported version of Microsoft's operating system, which analysts believe accounts for some portion of the WannaCry plague.

[...] Guinet says he's successfully used the decryption tool several times on test XP machines he's infected with WannaCry. But he cautions that, because those traces are stored in volatile memory, the trick fails if the malware or any other process happened to overwrite the lingering decryption key, or if the computer rebooted any time after infection.

Coverage:

Previous stories:
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]

Original Submission

 
This discussion has been archived. No new comments can be posted.
Decryption Utility for WannaCry is Released | Log In/Create an Account | Top | 19 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Informative) by Anonymous Coward on Friday May 19 2017, @08:28PM (2 children)

    by Anonymous Coward on Friday May 19 2017, @08:28PM (#512363)

    From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:

    Disable SMBv1 on the SERVER, configure the following registry key:

    Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB1

    REG_DWORD: 0 = Disabled
    REG_DWORD: 1 = Enabled

    Default: 1 = Enabled

    Enable SMBv2 on the SERVER, configure the following registry key:

    Registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB2

    REG_DWORD: 0 = Disabled
    REG_DWORD: 1 = Enabled

    Default: 1 = Enabled

    ---

    Disable SMBv1 on the CLIENT, run the following commands:

    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi

    sc.exe config mrxsmb10 start= disabled

    Enable SMBv2 & SMBv3 on the CLIENT, run the following commands:

    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi

    sc.exe config mrxsmb20 start= auto

    ---

    * The above is per https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012/ [microsoft.com]

    APK

    P.S.=> For a SINGLE 'standalone' non-networked PC (no home network/LAN but TCP/IP connected online) turn off Server & Workstation services.

    That shuts off any "handles" (port 445) this thing propogates thru + turn off NetBIOS over TCP/IP in your internet connection & uncheck/disable Client for Microsoft Networks + File and Print Sharing. Port 139 & 445 always pop up issues over time. It also makes your packet trains smaller (no encapsulation of LanMan)

    I covered all this 11++ yrs. ago in a security guide I wrote for users with a single system & apparently, its advice STILL STANDS THE "TEST OF TIME" https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=HOW+TO+SECURE+Windows+2000/XP&btnG=Google+Search&gbv=1/ [google.com] vs. even today's threats like this one.

    * This effectively makes this threat a non-issue + saves you CPU cycles/RAM & other I/O wasted on services you don't NEED as a single PC user only... & you don't. They're just wastes with a single PC really. Many services are (covered in guide above based on CIS Tool guidance (who took fixes to their ware from "yours truly" too, no less)) & again, no more encapsulated packet bulk.

    AND?

    Don't be STUPID & click on attachments in bogus malicious emails this thing propogates thru also (Chrome/Opera/Webkit users - BEWARE of the ShellControlFile issue that just popped up (.scf file) noted here-> http://www.theregister.co.uk/2017/05/17/chrome_on_windows_has_credential_theft_bug/ [theregister.co.uk] ) ... apk

    Starting Score:    0  points
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Friday May 19 2017, @08:53PM (1 child)

    by Anonymous Coward on Friday May 19 2017, @08:53PM (#512370)

    its advice STILL STANDS THE "TEST OF TIME"

    But does it pass the HairyFeet Challenge?

    • (Score: 3, Funny) by aristarchus on Saturday May 20 2017, @03:25AM

      by aristarchus (2645) on Saturday May 20 2017, @03:25AM (#512511) Journal

      But does it pass the HairyFeet Challenge?

      No, but then nothing ever did, since it was only a test to defend Hairykrishnafeet from the fact that he had sold out, was no longer a Tolkien hippy, but is now a "reverse-racist" old fogey, or in plain words, a Trump-voting Microsoft lackey. Anyone would need a defense from that much shame.