French Researchers Say They Found a Last-Ditch Cure to Unlock WannaCry Files



After thousands of computers were infected, Microsoft decided to release the patch for Windows XP systems as well, publishing the first update in 3 years for the operating system launched in 2001.

Windows XP was one of the versions of Windows affected by the WannaCry ransomware attack, and despite the patch released by Microsoft, thousands of computers still ended up being affected.

"Some organisations just aren't aware of the risks; some don't want to risk interrupting important business processes; sometimes they are short-staffed", said Ziv Mador, vice president of security research at Trustwave's Israeli SpiderLabs unit, speaking to Reuters.

However, the worm component did work fine against Windows 7 and Windows Server 2008 R2.

The recovery technique doesn't work on Windows 10 because that version does erase that memory, while Windows XP does not. That happened here with some Windows systems.

However, because of new software developed by French researcher Adrien Guinet, Windows XP users whose computers were compromised by WannaCry can now remove the infection without having to pay the $300 ransom.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, according to Kaspersky Lab, a Russian cybersecurity provider.

As security researcher Kevin Beaumont pointed out, the NSA's Eternal Blue exploit that WannaCry attackers used to spread the ransomware once inside a network cannot be used to infect Windows XP machines on that network.

Now, at least some of the affected users may be getting some help.

The rapid recovery by many organisations with unpatched computers caught out by the attack may largely be attributed to back-up and retrieval procedures they had in place, enabling technicians to re-image infected machines, experts said.

These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims.

"We knew we must go fast because, as time passes, there is less chance to recover", Delpy said after a second sleepless night of work this week allowed him to release a workable way to decrypt WannaCry at 6 am Paris time (0400 GMT) on Friday.