Good News, WannaCry's Hosted File Can Now Be Open

shares |

Ransom
A security researcher managed to find the key to open files encrypted by WannaCry's ransomware.

Adrien Guinet, a researcher from security firm Quarsklab, is known to have released the software to unlock the WannaCry locked file. However Guinet said, this limited software can only be used on Windows XP.


"In order to work, after being infected your computer should not be turned off first.Note also, it takes luck because there is a possibility this software can not work across the device," he said as quoted by Ars Technica.


The reason, lies in the bug in Windows XP that does not delete the key when encryption is done, so the key can be used to open the file.

For information, when encrypting a file, WannaCry will use the Windows system to collect keys when encrypting and locks to open them. After the process is done, many versions of Windows will delete the key so it is difficult to find a gap.

But it did not happen in Windows XP because of limited ability. Therefore, the secret key generated from the encryption process can still be stored in the computer's memory.



This method is used Wannakey to open the encrypted file, which is to take advantage of XP memory and extract it based on the variables that become the key base. Only those keys are usually kept as long as the PC is on. When it is turned off, it is possible that the key has been erased.

"For that, if lucky (the key on the memory is not deleted), the secret key may still be stored in memory," he said.

Guinet itself has now opened up opportunities for people who want to download the software through Github site.

For information, WannaCry ransomware attacks had horrendous world since last week. According to reports, there are about 150 countries that are victims of the attack.
 

Also Read:

Related Posts