WannaCry, tools arrive to get files back

Two cybersecurity experts have developed software that in part allows users to decrypt machines affected by the ransomware

It's a race against time. Computer security experts from around the world are working to try to find the authors of WannaCry, the infection that started on May 12 and spread like wildfire to more than 150 countries, and also to find a way to decrypt the affected computers.

After WannaSmile, a program that disables the Server Message Block - a protocol used by Windows to communicate with printers and for sharing files between computers - and prevents ransomware from spreading to devices, more software is coming. The first comes from Telefónica, Spain's leading telecommunications company, which has released a tool to recover data encrypted by ransomware. It is a PowerShell script that helps track down temporary files with the WNCRYPT extension. The program only works if WannaCry has not completely encrypted the hard drive of the infected machine.


Another tool that can return the victims' files encrypted by the terrible ransomware virus is Wannakey, a program developed by Adrien Guinet, a cybersecurity expert. The researcher, however, warns that the software he developed only works on computers running Windows XP. Wannakey allows you to unlock data by locating decryption keys hidden inside the ransomware. According to Adrien Guinet, when the virus hits a machine it generates codes to encrypt hard drives, which are based on prime numbers. If the malware doesn't erase these numbers from the memory of the affected pc, recovering them makes it possible to decrypt the files. However, the program has limitations: it succeeds only if the attacked computer has not been restarted.

In the meantime, Microsoft has released an update patch, MS17-010, which prevents the ransomware from exploiting Windows vulnerabilities and spreading further.