Victims of last weekend’s massive worldwide ransomware attack are getting some late relief: Security researchers have published two tools capable of unlocking the data held ransom on at least some of the affected Windows PCs. However, for many, these tools may come too late.
A week ago, hackers were able to infect more than 200,000 computers across the globe, and encrypt data stored on the affected machines. The ransomware, dubbed WannaCry, would then ask users to send hackers money with the crypto-currency Bitcoin in order to get access to their data again.
WannaCry primarily targeted older versions of Microsoft’s Windows operating system, and led to outages at U.K. health care facilities, public transit providers across Europe and even the Russian Interior Ministry.
Now, art least some of the affected users may be getting some help. The newly-released tools, dubbed WannaKey and WannaKiwi, make use of another security flaw in older versions of Windows to recover the prime numbers used to encrypt the data from an affected computer’s memory. If those numbers are found, the software can recreate the encryption key — essentially the secret pass phrase — and decrypt the data.
However, the two tools only work if the infected computers haven’t been turned off, or rebooted. Running a lot of other apps that take up memory could also have erased the prime numbers. All of this means that only a few users are going to benefit from the relief — but the technology behind it could likely be used to help other ransomware victims in the future.
