It has been a while since we least heard something related to the major WannaCry ransomware attack. It now appears there are some development errors which could alleviate a lot of the concerns associated with this attack. In fact, several programming errors have been discovered, which will allow for creating a free decryption tool sooner rather than later. A positive development, although it will take some time before a solution is available.
WannaCry is Sophisticated, But Not Without Flaws
As soon as the WannaCry ransomware attack hit computers all over the world, global panic ensued. It appears this malicious software was one of the more sophisticated types of ransomware ever developed. By leveraging a popular NSA exploit, the developers of this tool successfully held over 220,000 computers hostage. Luckily, very few victims paid the Bitcoin ransom, which is good to see. Paying the Bitcoin ransom related to such an attack is never the answer by any means.
However, researchers at Kaspersky Labs have been diligently analyzing WannaCry ransomware samples to see if there are any weaknesses in the code. It appears there are a few glaring development errors in the source code. All of these flaws can be leveraged to recover files which were previously encrypted by this malware. There are plenty of ransomware samples to choose from, after all that is the one silver lining when it comes to global attacks like these.
One thing that becomes obvious from looking at these issues is how the WannaCry developers may not be as “skilled” as assumed earlier. In fact, experienced developers would not make novice mistakes like these, according to the researchers. That is quite a strong statement, although it is certainly possible the developers may not have the most experience under their belts. With so many ransomware-as-a-service solutions available today, it is increasingly easy to build a new malware strain without too much technical expertise.
A full report of these coding errors has been published earlier this week. It appears there are two major issues that have researchers quite concerned and relieved at the same time. System administrators can leverage about flaws to use widely accessible recovery software to restore encrypted files without paying the Bitcoin demand. This is great news, even though it comes a bit late for most victims. A lot of damage has been already by WannaCry, although it is possible new infections are still taking place as we speak.
One particular weakness found in the WannaCry source code revolves around the programming logic required to delete files from the victim’s computer. Original files are deleted once they are encrypted and renamed to a different extension. This also makes it impossible to recover the original file, on paper. However, it appears files stored in folders other than “Desktop” or “Documents” can be recovered, as they are not overwritten by the encrypted file. This data is simply deleted, which allows for it to be recovered using free software tools.
Although these weaknesses allow for the recovery of most files with ease, a lot of victims still prefer an official decryption tool. For now, there is no reliable WannaCry decryption tool available, although a few projects claim they can have positive results. A proper decryption tool may be developed in the future, though. In the end, it is good to know there are some flaws in the WannaCry ransomware which can be leveraged for the greater good.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.