Frenchmen claim cure for WannaCry-infected computers

James Marshall
May 20, 2017

Cyber-attacks on the scale of WannaCry may remind organisations about the need to maintain their IT security.

"Last week's global WannaCry ransomware attack - based on NSA malware - was a stark reminder that hoarding technological vulnerabilities to develop offensive weapons comes with significant risks to our own economy and national security", says Rep. Ted Lieu, D-Calif., a backer of the legislation. However, the threat is far from over.

Ransomware is a class of software created to infiltrate computers; once inside, it locks up or encrypts important documents and data.

That flaw, apparently the result of the hackers' rather clumsy attempt to prevent their malware from being analyzed, shows the attack wasn't highly sophisticated.

A French researcher has released a software tool that he claims can restore some of the computers infected by the WannaCry ransomware.

On this occasion, the malicious software, also known as WCry, WannaCrypt, Wanna Decryptor and WanaCrypt0r, began exploiting a Microsoft Windows vulnerability that had been identified by the US National Security Agency (NSA), before being stolen by the Shadow Brokers group of hackers and leaked online. Virtual currencies such as Monero and Bitcoin use the computers of volunteers to record transactions.

But don't be surprised to see ripple effects of these attacks months from now.

The MalwareTech researcher agreed that the threat hasn't disappeared.

While WannaCry ransomware affected operations at the USA health care system and French vehicle maker Renault, it appears to have had less impact on corporate India's operations.

The company made the expensive patch for old software such as Windows XP free of charge at around midnight local time on Friday, though that was too late to contain the WannaCry outbreak.

It would be naive to believe that would rule out the use of such cyberweapons. Patching is ultimately the best remedy against ransomware attacks like WannaCry, as it targets the root of the vulnerability. Now here's the good news: prior to The Shadow Brokers' leak that exposed EternalBlue, Microsoft had already patched the SMBv1 vulnerability and issued an update to all Windows operating systems containing this patch.

The WannaCry attack wasn't a big-time nation-state operation, though it's likely that it may have originated in the Russian Federation (though later reports suggested a North Korean link).

Since Microsoft has already confirmed that more recent versions of Windows aren't vulnerable to WannaCry, it's quite obvious that most of the infections would affect Windows 7-powered computers.

In our interconnected age where we depend on technology more than ever, this unparalleled cyberattack has resulted in a worldwide wake-up call for IT users and businesses alike to make IT security a top priority. Lucifer struck the previous year, locking the computers of banks and pharmaceutical companies.

Mr Cherry said the company had advance warning in March about the risk of an attack, putting it in position to head off the danger. In January, another ransomware by the name of Lazarus had attacked Indian companies.

In a statement, the central bank said the consequences of the hacking attack - which it did not detail - had been dealt with quickly.

North Korea, the NSA, Microsoft and consumers have all been blamed for the enormous cyber strike.

Ransomware is just one of the ways that cybercriminals profit from weak computer security. The attack also raises awareness to alarming levels, demonstrates the impact that ransomware can have on enterprises, and clearly demonstrates the shift towards financial gain by attackers.

It's unfortunate that these tools have very specific limitations, but those who are able to take advantage of them are sure to be thankful. For example, in India, most of the systems are not safe from future attacks.

Many cyber-attacks are financially motivated, as is likely the case here. "Indian organizations are also vulnerable due to majority using outdated (or not updated) versions of operating systems for business operations". Other breeds of malware may infect various operating systems, so no matter which device you are using, you should regularly update your software to install the latest security enhancements.

Europol said on Twitter that its European Cybercrime Centre had tested the team's new tool and said it was "found to recover data in some circumstances".
