Slash Boxes

SoylentNews is people

posted by cmn32480 on Friday May 19 2017, @11:56AM   Printer-friendly
from the maybe-there-is-hope dept.

Various news outlets report the release of
Wannakey, a decryption utility for files encrypted by the WannaCry ransomware. According to the author of the software, it "has only been tested and known to work under Windows XP."

From the Wired article noted below:

Now one French researcher says he's found at least a hint of a very limited remedy. The fix still seems too buggy, and far from the panacea WannaCry victims have hoped for. But if Adrien Guinet's claims hold up, his tool could unlock some infected computers running Windows XP, the aging, largely unsupported version of Microsoft's operating system, which analysts believe accounts for some portion of the WannaCry plague.

[...] Guinet says he's successfully used the decryption tool several times on test XP machines he's infected with WannaCry. But he cautions that, because those traces are stored in volatile memory, the trick fails if the malware or any other process happened to overwrite the lingering decryption key, or if the computer rebooted any time after infection.


Previous stories:
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by butthurt on Friday May 19 2017, @10:47PM (1 child)

    by butthurt (6141) on Friday May 19 2017, @10:47PM (#512422) Journal

    There existed a 64-bit version of Windows XP, but it saw little uptake.

    On x86, Physical Address Extension allows the use of more than 4 GB of memory.

    The 32-bit size of the virtual address is not changed, so regular application software continues to use instructions with 32-bit addresses and (in a flat memory model) is limited to 4 gigabytes of virtual address space.

    -- []

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by kaszz on Friday May 19 2017, @11:46PM

    by kaszz (4211) on Friday May 19 2017, @11:46PM (#512439) Journal

    PAE still leaves the CPU to handle up to 64 GB ie 36-bit addresses. Though it's all hidden to the scheduler side of things. Perhaps the kernel needs to deal with it too for program jumps etc? Data access seems to still be that each address in userland have 8-bits.

    So in PAE, the CPU has at least 36-bit virtual addressing. There may be less physical address lines than this. Each process in userland may however only use up to 32-bits.

    As for 64-bit Windows XP. The Microsoft ecosystem is very much a Win32 thing. And things will evolve around that unless a big bat is used. Which Microsoft did with their later 64-bit OS, ie to get 32-bit certification you got to present a workable driver for 64-bit and so on.