Jump to content

Welcome to nsane.forums

Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.

  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates


Please note: Unfortunetely due to some server side issues, registration via Hotmail / Outlook email addresses do not work, members are requested to use some other email addresses like Gmail to register here.

Sign in to follow this  

WannaCry has been decrypted, if you follow the rules

Recommended Posts

steven36    9,820




Frenchmen claim cure for WannaCry-infected computers

PARIS (AP) - French researchers have released software tools that they claim can restore some of the computers locked up by a global cyberattack that held users' files for ransom.


The researchers said, however, that the tools are not perfect and work only if the computers infected with the WannaCry ransomware have not been rebooted after being hit. For that reason, the technique isn't likely to help many people. In addition, companies needing to restore their operations right away likely would have turned to backups, if available, by now.


The developments came Friday, the apparent deadline for owners of some infected machines to pay a ransom of up to $600 or lose their files forever. As of Friday, the three accounts known to collect ransom payments had received less than $100,000 worth of the cybercurrency bitcoin, an amount that security researchers say is small compared with how widely WannaCry spread.


The researchers - Adrien Guinet, Matthieu Suiche and Benjamin Delpy - worked separately to find ways to decrypt files scrambled and held hostage by WannaCry.


In his research summary, Guinet - who works for the Paris-based firm Quarkslab - said his software had only been tested to work under Windows XP. He added the software helps recover the prime numbers of the RSA private key that are used by WannaCry.


After Guinet's fix came out, others looked for ways to extend that to other operating systems and have succeeded in applying the technique to the newer Windows 7 system as well.

Chris Wysopal, chief technology officer with the software security company Veracode, said that after ransomware attacks, researchers will often infect one of their own machines on purpose to see if the key is somehow left in the memory. That happened here with some systems of Windows.




If the ransomware  don't work on nothing but Windows 7 how did the developers of this test it on WinXP x86, Server 2003 x86, and Win7 x86? That statement is a oxymoron ,lol. The tool was invented at 1st for xp only and others moded the code for other os. I know for a fact it  infected Server 2008 as well because  someone infected was trying to get help.



By what I'm reading over there now



From the article, it appears Benjamin Delpy based his decrypt on Adrien Guinet's decrypt method posted above.


So we may potentially have two decrypters for XP and Win 7.


Guinet -




Deply -






I have tested it with latest advapi32.dll (6.1.7601.23796) available for Windows 7. It was tested several minutes after encryption finished. Success rate was about 60%.


And it seems Woody was sort of right it seems  Eternal Blue  the worm failed to work on any systems XP in the wild but the actual  rasomware  did if you injected yourself with it . But it worked on Server and Windows 7. So  everyone who got infected was people who didn't do updates  even though there was a patch out for 3 mths.


So what good is a decrypter for XP unless  they put it in and and other exploit  by then it will be updated  and not work by then?..And  still if  you  didn't reboot you may only get back part of you're files . It seems to only affect Windows 7/ Server 2008



Edited by steven36
  • Like 5

Share this post

Link to post
Share on other sites
Karlston    1,720

It's true, WannaCry does infect OS's other than Windows 7...




Sorry, couldn't resist it... :)



Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this