WannaCry: infected Windows XP PCs can be decrypted without paying ransom

Adrien Guinet, a researcher who’s dealing with the spread of the WannaCry ransomware, revealed that owners of infected Windows XP PCs might be able to decrypt their files without paying the ransom, which can cost from $300 to $600.

As we mentioned earlier, WCry or WannaCry is ransomware that locks your PC by encrypting files and demands payment of a ransom to get the key that unlocks them. The ransomware uses the Microsoft Cryptographic Application Program Interface included in Windows for various purposes, including generating the encryption/decryption key. After creating a secure key, the interface erases it from memory on most versions of Windows, but not on Windows XP: some limitations in the system prevent it from being removed.

Thus, the prime numbers used to generate the WannaCry key remain intact in the PC's memory until it is turned off. Guinet managed to create a tool, WannaKey, which allowed him to retrieve the secret decryption key on a PC running XP. There are a few things you need to know, though: XP users make up between 5 and 7% of total Windows users, and the software has not yet been tested to see if it works on a good variety of PCs. It also suffers from a limitation: for decryption to work, the affected computer must not have been restarted after being infected.
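The recovery idea described above, as an added Python sketch (not WannaKey's code): scan a memory image for a value that divides the public RSA modulus, then rebuild the private exponent from it. The toy 64-bit primes, the filler "dump", the little-endian layout and the 4-byte alignment are all assumptions made for the illustration.

```python
# Added illustration: find a leftover RSA prime in a memory image by trial division.
# Every value below is constructed toy data, not real WannaCry key material.


def find_prime_factor(dump: bytes, modulus: int, prime_len: int, step: int = 4):
    """Return (offset, p) for the first window of prime_len bytes that, read as
    a little-endian integer, is a non-trivial divisor of modulus; else None.
    Little-endian storage and 4-byte alignment are assumptions of this sketch."""
    for off in range(0, len(dump) - prime_len + 1, step):
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        # Skip 0 and 1, and anything too large to be a proper factor.
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None


def rebuild_private_exponent(p: int, modulus: int, e: int = 65537) -> int:
    """With one prime known, derive the other prime and the private exponent d."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+


# Constructed toy key: two well-known primes that each fit in 8 bytes.
# A real RSA key uses primes hundreds of digits long.
P = 2**61 - 1
Q = 2**64 - 59
N = P * Q

# Constructed "memory image": filler bytes with P left behind at offset 512,
# standing in for key material that was never wiped.
FILLER = bytes(range(256)) * 2
DUMP = FILLER + P.to_bytes(8, "little") + FILLER

if __name__ == "__main__":
    hit = find_prime_factor(DUMP, N, prime_len=8)
    if hit is None:
        print("no factor found: the memory no longer holds the prime")
    else:
        offset, p = hit
        d = rebuild_private_exponent(p, N)
        message = 42
        recovered = pow(pow(message, 65537, N), d, N)
        print(f"prime at offset {offset}, round trip ok: {recovered == message}")
```

Running the same scan over memory that no longer contains the prime returns nothing, which is why a restart after infection rules out this kind of recovery.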

Luck, in this case, plays an important role: for example, Matt Suiche, a researcher and founder of Comae Technologies, failed to run Guinet's tool during his experiments. Since last week, the WCry ransomware has infected more than 200,000 computers in 150 countries around the world. Actually, no tool can help affected users.
