WannaCry Ransomware Could Give Victims a Chance to Get Files Back
The code behind WannaCry, the ransomware that recently afflicted hundreds of thousands of victims around the world, was packed with mistakes and of very low quality, to such a degree that some victims may be able to regain access to their original files even after they have been encrypted.
Analysis of WannaCry by researchers at security company Kaspersky Lab has found that almost all of the errors mean files can be restored with publicly available software tools or even simple commands.
“If you were infected with WannaCry ransomware there is a good opportunity that you will be able to restore a lot of the files on the afflicted computer,” the experts at Kaspersky Lab said. “The code quality is surprisingly low.”
In one instance, an error in WannaCry's read-only file processing mechanism means it isn’t able to encrypt read-only files at all. Instead, the ransomware creates encrypted copies of the victims’ files, while the original files remain untouched but are marked as ‘hidden’. That means the data can be recovered simply by un-hiding the files.
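The un-hiding step described above, as an added PowerShell example (not code from the article or from Kaspersky Lab). The `.WNCRY` suffix for encrypted copies and the parameter names are assumptions that do not appear in this article; the script only reports unless `-Unhide` is passed.

```powershell
# Added example: find hidden originals that sit next to an encrypted copy and,
# only when -Unhide is given, clear their Hidden attribute.
# Assumption (not stated in the article): encrypted copies are named
# "<original name>.WNCRY". Override -EncryptedSuffix if that differs.
param(
    [Parameter(Mandatory = $true)][string]$Root,
    [string]$EncryptedSuffix = '.WNCRY',
    [switch]$Unhide
)

$hiddenBit = [int][System.IO.FileAttributes]::Hidden

# -Hidden returns only hidden files, which a default listing skips.
$candidates = Get-ChildItem -LiteralPath $Root -File -Recurse -Hidden -ErrorAction SilentlyContinue

foreach ($file in $candidates) {
    # Skip hidden files that have no encrypted sibling (for example desktop.ini).
    $encryptedCopy = $file.FullName + $EncryptedSuffix
    if (-not (Test-Path -LiteralPath $encryptedCopy -PathType Leaf)) { continue }

    $before = $file.Attributes
    if ($Unhide) {
        # Clear only the Hidden bit; ReadOnly and all other attributes are kept.
        $file.Attributes = [int]$before -band (-bnot $hiddenBit)
        $file.Refresh()
    }

    # One record per recovered candidate, suitable for Export-Csv.
    [pscustomobject]@{
        Original      = $file.FullName
        EncryptedCopy = $encryptedCopy
        Before        = $before
        After         = $file.Attributes
        SizeBytes     = $file.Length
    }
}
```

Run it without `-Unhide` first to review the list of candidates; the encrypted copies are never modified or deleted.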
This isn’t the only example of poor code within WannaCry. If the ransomware infiltrates a system and the files are not deemed important by the developers, the files are moved to a temporary directory.
These files contain the original data, which isn’t overwritten but simply deleted from the drive, meaning it is possible to get them back using file recovery software. Unfortunately, if the files are in an ‘important’ folder, like Files or Desktop, WannaCry will overwrite the original document with random data, and in that case it is impossible to restore it.
Nevertheless, the many mistakes in the code offer hope to those who have been infected, as the amateurish nature of the ransomware leaves a lot of room for recovering at least some files.
“If you were infected with WannaCry ransomware there is a good chance you will be able to restore a lot of the documents on your afflicted computer. We advise private users and organizations to use the file recovery resources on afflicted machines in their network,” said Anton Ivanov, the security researcher at Kaspersky Lab.
It isn’t the first time WannaCry has been described as a somewhat amateurish form of ransomware, and the simple fact that only a tiny percentage of infected victims have paid a combined total of $120,000 in Bitcoin ransoms in the 3 weeks since the attack implies that while it caused widespread disruption, it has failed to make money, which is the ultimate goal of ransomware.
Although WannaCry did infect many Windows XP systems, many failed attacks resulted in computer systems crashing and displaying the ‘blue screen of death’, again suggesting that all might not be well with the code.
As the identity of those behind the WannaCry campaign remains unknown, police and cyber security organizations continue to look for answers about the origins of the ransomware.