The Latest in IT Security

WannaCry mistakes that can help you restore files after infection

02
Jun
2017

ransomware-e1478708762258

Sometimes ransomware developers make mistakes in their code. These mistakes could help victims regain access to their original files after a ransomware infection. This article is a short description of several errors, which were made by the WannaCry ransomware developers.

Errors in file removal logic

When Wannacry encrypts its victim’s files, it reads from the original file, encrypts the content and saves it into the file with extension “.WNCRYT”. After encryption it moves “.WNCRYT” into “.WNCRY” and deletes the original file. This deletion logic may vary depending on the location and properties of the victim’s files.

Related posts:
  1. Ransomware Authors: We Are Not Scammers, We Don’t Need Your Files
  2. Unfinished Hitler-Ransomware Variant Deletes User Files
  3. NHS could have taken “relatively simple action” to prevent WannaCry infection
  4. Complex Petya-Like Ransomware Outbreak Worse than WannaCry
  5. WannaDecrypt your files? The WannaCry solution, for some

Read More

Tags:  
Written by Securelist
0 Comments

Leave a reply


Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments