Sometimes ransomware developers make mistakes in their code. These mistakes could help victims regain access to their original files after a ransomware infection. This article is a short description of several errors, which were made by the WannaCry ransomware developers.
Errors in file removal logic
When Wannacry encrypts its victim’s files, it reads from the original file, encrypts the content and saves it into the file with extension “.WNCRYT”. After encryption it moves “.WNCRYT” into “.WNCRY” and deletes the original file. This deletion logic may vary depending on the location and properties of the victim’s files.
Leave a reply