McAfee researchers test WannaCry recovery method

Although there is evidence that some victims of the WannaCry ransomware attack on 12 May have paid the attackers, there is no evidence that they are getting their data back

In response to the apparent failure of those behind the WannaCry ransomware to deliver decryption keys to victims who elect to pay the ransom, McAfee researchers have tested a potential recovery method.

Led by Raj Samani, chief scientist at McAfee and McAfee Fellow, researchers have developed an experimental recovery method that could be used to recover files – albeit with mixed results.

McAfee researchers used a file recovery method called “file carving” to recover WannaCry encrypted data. During testing, some cases led to an almost full recovery, while others were less effective.

The method offers an option for victims to try to regain their data, but Samani and researchers Christiaan Beek and Charles McFarland said they accept no responsibility if things do not go as expected.

Continue reading…