Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom (arstechnica.com) 12
An anonymous reader quotes a report from Ars Technica: Owners of some Windows XP computers infected by the WCry ransomware may be able to decrypt their data without making the $300 to $600 payment demand, a researcher said Thursday. Adrien Guinet, a researcher with France-based Quarkslab, has released software that he said allowed him to recover the secret decryption key required to restore an infected XP computer in his lab. The software has not yet been tested to see if it works reliably on a large variety of XP computers, and even when it does work, there are limitations. The recovery technique is also of limited value because Windows XP computers weren't affected by last week's major outbreak of WCry. Still, it may be helpful to XP users hit in other campaigns. "This software has only been tested and known to work under Windows XP," he wrote in a readme note accompanying his app, which he calls Wannakey. "In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!"
Sadly... (Score:2, Funny)
After you decrypt, you're left with a Windows XP system.
Re: (Score:2)
After you decrypt, you're left with a Windows XP system.
Hey, a decryptor that could turn Windows 10 systems into Windows 7 systems would actually be quite useful!
Re: (Score:2)
No, assuming the malware isn't still actively chewing on data to encrypt, in theory, you could just copy the recovered/decrypted files to an external target (Share, USB, Online web-based dropbox...etc). Then, and only then do you shitbox the computer and burn it to the ground. What's important is the data, not the infected PC at that point!
I've already developed a fix (Score:1)
Summary (Score:4, Informative)
1. XP computers aren't infected via LAN spread, but you can click on the email and infect yourself manually (accidentally).
2. This hack-fix works because XP doesn't wipe the key generation details out of memory. p and q can often be found by searching all memory. You then regenerate the key with p and q, like magic. If you reboot, memory is wiped and it's too late.
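
The recovery idea summarized in the comment above, as an added example that is not part of the original thread and is not Wannakey's code: slide over a memory image, test each window as a factor of the public modulus, then regenerate the private exponent. The function names, the little-endian layout, the toy primes and the filler bytes are assumptions constructed for the demonstration.

```python
"""Added illustration: find an RSA prime left in a memory image and rebuild the key."""

def find_prime_factor(memory: bytes, n: int, prime_len: int):
    """Return (offset, p) for the first window that is a non-trivial factor of n, else None."""
    for off in range(len(memory) - prime_len + 1):
        if memory[off] & 1 == 0:      # assumed little-endian: low byte first, primes are odd
            continue
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None

def rebuild_private_exponent(n: int, e: int, p: int) -> int:
    """Regenerate d from one recovered prime: q = n / p, d = e^-1 mod (p-1)(q-1)."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

# --- constructed sample data (toy sizes, far smaller than a real RSA key) ---
P = 2**64 - 59                 # a known prime
Q = 2**61 - 1                  # a known Mersenne prime
N, E = P * Q, 65537            # public key, which is still available after infection
FILLER = bytes((i * 37 + 11) % 256 for i in range(4096))
PLANT_OFFSET = 1337
# Process image where p was never erased after key generation
DIRTY_IMAGE = FILLER[:PLANT_OFFSET] + P.to_bytes(8, "little") + FILLER[PLANT_OFFSET:]
# Image after a reboot (or a proper erase): the prime is gone
CLEAN_IMAGE = FILLER

def recover(image: bytes):
    """Return the private exponent if a prime is still in the image, else None."""
    hit = find_prime_factor(image, N, 8)
    if hit is None:
        return None
    _, p = hit
    return rebuild_private_exponent(N, E, p)

if __name__ == "__main__":
    d = recover(DIRTY_IMAGE)
    secret = 0x1234567890ABCDEF
    ciphertext = pow(secret, E, N)
    print("recovered d decrypts correctly:", pow(ciphertext, d, N) == secret)
    print("after reboot:", recover(CLEAN_IMAGE))
```
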