The WannaCry alert seems to be partly over: although the authors of this ransomware are not yet known, a French cryptography researcher has found a flaw in the malware itself that can render it ineffective. For now, the discovery only affects PCs running the Windows XP operating system. That is poor consolation considering that only one PC out of 1000 of those affected runs XP, while research conducted by Kaspersky Lab shows that Windows 7 is the OS most affected by this ransomware attack.
French researcher Adrien Guinet claims to have found a way to free files taken hostage by the WannaCry ransomware without paying the ransom. His solution relies on manipulating the cryptographic keys used to lock computers during the attack. Besides working only on PCs running XP for now, it is applicable only if the target computer has not been rebooted since the infection: a reboot makes it impossible to recover, directly from the memory of the infected system, the prime numbers needed to reconstruct the cryptographic key that decrypts the files. The discovery has encouraged the same researcher to continue his work and widen its compatibility to other platforms. The software needed to decrypt the data has been made available on GitHub under the name WanaDecrypt, while other researchers have joined Guinet to automate the operation with another tool called Wanakiwi.
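The recovery idea described above, sketched as an added example that is not code from WanaDecrypt or Wanakiwi: slide over a memory image looking for a value that divides the public RSA modulus, then rebuild the private exponent from it. The function names, the little-endian byte order and the toy-sized primes and dumps are assumptions constructed for illustration.

```python
# Added illustration: recover an RSA private exponent from a prime factor
# that is still present in a memory image. All sample data is constructed.

E = 65537  # common RSA public exponent (assumed for this sketch)


def find_prime_in_dump(dump, n, prime_len):
    """Return (offset, p) for the first prime_len-byte window dividing n, else None."""
    for off in range(len(dump) - prime_len + 1):
        # Byte order is an assumption; a real tool must match the crypto library.
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        # Skip 0 and 1 (zeroed or trivial windows) before the divisibility test.
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None


def private_exponent(n, e, p):
    """Rebuild d from one recovered factor p of the modulus n."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+


# Constructed toy key: two Mersenne primes stand in for the much larger
# primes of a real RSA key pair.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q

# Constructed "memory images": one still holding P, one where the region
# has been wiped (the situation after a reboot).
LIVE_DUMP = bytes(range(37)) + P.to_bytes(8, "little") + bytes(range(200, 256))
REBOOTED_DUMP = bytes(range(37)) + bytes(8) + bytes(range(200, 256))


def recover(dump):
    """Return the private exponent if a factor is found in dump, else None."""
    hit = find_prime_in_dump(dump, N, 8)
    return None if hit is None else private_exponent(N, E, hit[1])


if __name__ == "__main__":
    for name, dump in (("live", LIVE_DUMP), ("rebooted", REBOOTED_DUMP)):
        d = recover(dump)
        print(name, "-> key recovered" if d else "-> no factor in memory")
```

The second dump shows why the reboot caveat matters: once the prime is no longer in memory, the scan has nothing to find and the key cannot be rebuilt this way.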
Although the WannaCry matter remains open and subject to developments of any kind, the technique identified by the researcher is useful for countering future ransomware campaigns based on phishing (via infected emails) or on malware downloaded from a website (drive-by download). Highlighting the vulnerability of WannaCry could offer a new clue about the authors and targets of the cyber attack which, despite its proportions, could have been wider and more damaging. At the same time, it could be a sort of warning from the real authors of the attack, considering its association with nations such as Russia and North Korea, which are among the protagonists of the current political scenario. It would therefore seem to represent a scenario of cyber warfare that involves us all.