WANNACRY Ransomware possible free Decryption solution Idea.

Everyone is talking about the WANNACRY ransomware outbreak that has impacted Microsoft Windows machines using the MS17-010 exploit.

All security professionals are discussing how it impacts the infected PCs, with detailed analysis of how it spreads and what files it encrypts,

but one report got me really interested and drove me to think of an idea of how to get rid of this encryption.

Most of the security experts are talking about how to stop it, but it is too late.

Now, how to decrypt the infected PCs?

In the analysis by bleepingcomputer.com:

When you click on the Check Payment button, the ransomware connects back to the TOR C2 servers to see if a payment has been made. Even if one was made, the ransomware will automatically decrypt your files. If payment has not been made, you will see a response like the one below.

Payment not made Response

Main Idea:

If we managed to sniff the network communication to that Tor server address and get back the payment confirmation message received by the ransomware client,

we can then create a fake server that sends the same confirmation message

and direct the clients to talk to this server instead of the hackers' server.

Voilà.. use his own code against him..

This is somewhat similar to what hackers used to do earlier to overcome Windows activation:

they used to build a fake activation server that would trick Windows into thinking it was activated.

The idea is to trick the ransomware into thinking a payment has been made.

This is a thought, but it needs some further study to make it true.

Anyone interested in joining the study or who has any additional thoughts is welcome to share.
