Beveiligingsexpert says WannaCry to be able to decrypt
Beveiligingsonderzoeker Adrien Guinet says a way to have found to be the ransomware WannaCry to be able to decrypt them.
Guinet would be on a computer that is infected parts of the key that is needed for the files to decrypt, writes Mashable. Therefore he can the entire key can decrypt it. WannaCry releases data on computers, making them no longer accessible. Only if there is an amount of money paid, the files are decrypted on the basis of a secret key.
The researcher tried the technique, which he WannaKey calls, up to now only on a computer with Windows XP. But older versions of Windows, such as Windows XP, cannot seem to have the malware itself to spread. Researchers from MWR and Kyptos discovered that a pc with Windows XP crashes for the virus can spread, reports Reuters. Which computers played a smaller role in the global attack this past weekend. WannaCry on computers running Windows XP will be installed.
The software Guinet does not work at all geînfecteerde systems running Windows XP. So it should not restart the computer after the malware was installed. In addition, the user according to the researcher a lot of luck is required with the use of WannaKey.
To install the malware and encrypt the files is of the private key. Would normally the key after installation to be removed. But according to Guinet stay there, sometimes parts of the key on the back of the computer. If that is the case, then it is possible for the files to decrypt them.
The attack with WannaCry began Friday night, when several companies in Spain and several hospitals in Britain were victims. Soon there are reports from more countries. More than 200,000 companies in 150 countries were victims of the ransomware called WannaCry.
67 percent of the computers that were hit by the ransomware attack ran on Windows 7 without the latest security updates. This is evident from a study by security firm BitSight. The latest version of Windows, Windows 10, is good for 15 percent of the victims.
WannaCry makes use of a vulnerability in Windows that the NSA discovered. A computer hacker group known as the Shadow Brokers stole that information from the servers of the NSA and placed it in april online. Microsoft did, however, already on march 14, a security update that the leak has closed.
“Some organizations are not aware of the dangers of not updating, some do not want the risk to critical processes to interrupt and sometimes they have too few people,” says Ziv Mador, vice-president of security research at SpiderLabds Trustwave. “There are plenty of reasons why people wait with the update, and none of them are good.” According to him, were systems where the update was not a victim of the attack.
Security experts believe that a next attack with an improved version of the ransomware WannaCry many more users can get involved. The impact would also be greater. In such a version, the vulnerabilities of the current variant, such as a kill-switch, way are taken.
What we know about the ransomware WannaCry