You might remember the WannaCry ransomware attack, which infected tens of thousands of computers across the world a couple of months ago. It would encrypt all the data on a system and then demand payment in order to restore access. It impacted a number of high profile institutions, including hospitals in the U.K. and public transport systems in Germany.
According to AVG Avast, it’s estimated that the attack infected around 75000 computers across the globe to begin with, with that number later spreading to 200000 in the following days.
The attack happened because of a Windows security flaw. The National Security Agency supposedly first discovered the flaw and had been collecting vulnerabilities like it in order to use them for court surveillance. Despite earlier versions of Windows now being out of the official support period, Microsoft issued a patch for all their systems to rectify the issue.
That’s all well and good for the future, but not for those who have been unable to update or with data encrypted. However, security researchers have produced two tools that can help unlock some of the data. The two tools are called {{https://github.com/aguinet/wannakey|WannaKey}} and {{WannaKiwi|https://github.com/gentilkiwi/wanakiwi/releases}}.
Both are able to work by making use of a different security flaw in older versions of Windows. They recover the prime numbers used to encrypt the data from the system’s memory. Because of this it only works for computers that have been left on since the attack – if the numbers are found, the encryption key can be detected and the data can be decrypted.
Also, if the infected system has been running a lot of other programs then it might be that those numbers in the memory have been naturally overwritten anyway.
Nevertheless, Microsoft’s patch and these programs will ensure that an attack using this specific approach and exploit won’t be able to happen again.
However, it’s certain that ransomware attacks will continue to happen. They’re not a new thing and malicious people will exploit systems and people in order to keep carrying them out. It’s true that the technology behind programs like WannaKey and WannaKiwi will help victims in the future, and perhaps lead to quicker data recovery times, but it’s hard to be ever truly protected from ransomware attacks.
In the case of WannaCry, the exploit mainly impacted those users who couldn’t afford to upgrade to the latest and protected versions of Windows. This is why so many underfunded or underprioritised national systems were affected. But this is just one example – you might be running the latest version of your operating system, but there’s a reason that there’s always updates available and that’s because no operating system is ever one hundred percent secure.
If you want to ensure that you always have control over your data, the only way to do that is to invest in a stable backup plan. This means running constant backups, sending your data to a different device to the source – preferably offsite if you can, to protect against physical damage, but something is better than nothing.
Free Security Tools to Recover From WannaCry Ransomware
Comments
No comments yet. Sign in to add the first!