WANNACRY DEVELOPMENT ERRORS ENABLE FILE RECOVERY
WannaCry may have caused worldwide havoc on May 12 when it rode the coattails of the NSA’s weaponized EternalBlue exploit to infect computers in 150 countries, but that doesn’t mean it was a quality piece of ransomware.
A number of programming errors in the code are floating to the surface, and researchers say that file recovery without decryption keys is within reach of sysadmins.
Kaspersky Lab today disclosed a number of issues within WannaCry that can be leveraged to recover files that were encrypted by the malware. To date, 200,000 computers have been hit by WannaCry, whose spread was shut down after the discovery of a killswitch in the code, the first hint that the authors of this code may not have been top-notch.
“Experienced ransomware authors do not make such errors,” said Anton Ivanov, senior malware analyst at Kaspersky Lab. “From our side we think that developers of WannaCry were not experienced at developing at all.”
Source: Threatpost