A Slim Hope Appears for WannaCry Ransomware VictimsWindows Decryption Tools Arrive as Time to Pay Ransom Runs Out
Note: This story has been updated. For the latest information, see: WannaCry Ransomware: Tools Decrypt for Free.
See Also: The Essential Guide to Security
Victims of the WannaCry ransomware who haven't backed up their files have a tough choice: take a risk paying the ransom or just accept the loss. But there's a small glimmer of hope: French researchers have figured out a way to decrypt files without paying. But their tools only work on some affected devices, and only if they have not been powered off or rebooted.
Still, Guinet says it's worth a try. WannaKey is being received well given the alternatives for dealing with the ransomware.
"His tool is very ingenious as it [doesn't] look for the actual key but the prime numbers in memory to recompute the key itself," writes Matt Suiche, founder of Comae Technologies. "In short, his technique is total bad ass and super smart."
May 19 update: Suiche says an updated version of the similar WanaKiwi decryption tool allows it to potentially work with all affected versions of Windows. The EU's law enforcement intelligence agency, Europol, has seconded the researcher's findings.
WannaCry swept across the world on May 12, infecting about 216,000 Windows computers with a speed not seen since mega-worms like Love Bug and SQL Slammer in the early 2000s (see Teardown: WannaCry Ransomware). It exploited a Windows software flaw, (MS17-010), using an exploit believed to have originated with the NSA but leaked in April by the Shadow Brokers hacking group.
Time is of essence: WannaCry warns victims they have three days to pay $300 in bitcoin before the ransom rises to $600. If that isn't paid after a week, the data is locked forever.
WannaCry's code has been pored over by analysts, part of a worldwide effort to find clues of who might be responsible and also for weaknesses in how it encrypts files.
But for WannaCry "there is currently no method of decrypting encrypted files without having the private key," writes the U.S. Computer Emergency Readiness Team in an advisory.
Guinet, however, came across an odd way that Windows XP handles the generation of encryption keys.
WannaCry uses the RSA algorithm to create the public and private keys, which are derived from long prime numbers. The private key decrypts files. That key generation process occurs in memory. In later versions of Windows, such as 7 and 10, the operating system tidies up after that process and erases the prime numbers. But for some reason that doesn't occur in XP. The particular function, CryptDestroyKey, instead just erases a handle related to the key.
Matthew D. Green, a cryptography expert and assistant research professor in the department of computer science at Johns Hopkins University, dug up the Microsoft documentation.
It says, in part, that many cryptographic service providers "overwrite the memory where the key was held before freeing it. However, the underlying public/private key pair is not destroyed by this function. Only the handle is destroyed."
Green jokes on Twitter: "Only Microsoft could design this function."
The by-design wrinkle, however, is critical to the recovery of files. Guinet's tool tries to find those prime numbers for the private key. But if the machine has been rebooted, the numbers are lost. It is also possible to lose them if the machine's memory has simply been overwritten due to normal activity.
"If you are lucky (that is, the associated memory hasn't been reallocated and erased), these prime numbers might still be in memory," Guinet writes in the WannaKey readme on GitHub. "That's what this software tries to achieve."
Whoever wrote WannaCry was likely unaware of the issue in XP. It's also likely they didn't care. Microsoft ended mainstream support for XP in 2014, although it did take the unprecedented move of issuing an emergency patch for XP and other older Windows systems due to the severity of WannaCry.
XP still accounts for about 7 percent of the Windows market. Organizations such as the U.K. National Health Service still have some devices running XP in service. But after its troubles with WannaCry, the NHS denied the impact was due to widespread use of XP, which runs on less than five percent of its systems.
Aside from not noticing the XP key generation quirk, WannaCry's developers also made numerous other errors, such as failing to create a separate bitcoin payment address for each victim. This means the attackers may have trouble identifying which victim to receive the decryption key, according to Check Point. They also inadvertently left a kill switch in the code, which allowed a British security researcher to luckily halt the spread of the malware.
The mistakes are an encouraging sign, however, that there might be more glitches that will allow WannaCry to be defanged. Guinet's research has also inspired another project from Benjamin Delpy to work on a similar decryption method. It can't come too soon. Time for many encrypted machines - and their victims - is running out.