Security researchers have a fix for victims of the 'WannaCry' ransomware

Elizabeth Williams
May 22, 2017

Researchers are struggling to find early traces of WannaCry, which remains an active threat in the hardest-hit countries, China and the Russian Federation, believing that identifying "patient zero" could help catch its criminal authors. This could potentially lead to more hacks like the WannaCry ransomware.

However, the tool will only work on affected computers that haven't been rebooted after the attack, or on computers whose associated memory has not been erased or allocated by some other process, added Guinet.

"Some organisations just aren't aware of the risks; some don't want to risk interrupting important business processes; sometimes they are short-staffed", said Ziv Mador, vice president of security research at Trustwave's Israeli SpiderLabs unit.

That said, Guinet and his colleagues recently managed to tweak their software fix to work on Windows 7 machines as well.

Last weekend the WannaCry ransomware infection spread across hundreds of thousands of machines, and in the immediate aftermath of the hit, many were pointing the finger at outdated versions of Windows XP for allowing WannaCry to cause so much damage.

The US technology giant also says that its latest Windows 10 software is the only OS completely safe from WannaCry. The WannaKey decryption tool is available for free and works on the Windows XP operating system.

Any organisation that heeded warnings from Microsoft to urgently install a security patch it labelled "critical" when it was released on March 14 is immune, experts agree.

The ransomware is very infectious, with more than 300,000 computers worldwide in 150 countries believed to have been hit - about half of which are in the Russian Federation or China.

"Our analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows." Even though, as we previously mentioned, Windows XP has not been as widely affected as people initially believed, some devices running on it still face this issue, so it's good to know it works there as well.

Microsoft declined to comment for this story.

This is not the only tool that is now available.

As of Wednesday, half of all internet addresses corrupted globally by WannaCry were located in China and the Russian Federation, with 30 and 20 percent of infections, respectively, according to data supplied by threat intelligence firm Kryptos Logic.
