The unprecedented spread of ransomware that has swept across more than 100 countries since Friday has been cracked by a Chinese tech company - at least in part.
Qihoo 360, a major internet security company in China, issued a software patch at 3 am on Sunday that can recover the data encrypted by the unidentified attackers. The software can operate without internet access, and customers do not need to pay for it.
Zheng Wenbin, the company's chief security engineer, said the recovery kit was built around a flaw his team found in the malware.
"Some ransomware developers directly encrypt the original files. That would be hard to crack. Lucky for us, the attackers only encrypted the copy and deleted the originals. So all we need to do is find ways to recover the deleted ones," Zheng explained. "Sometimes a simple idea is the most effective."
Zheng said that in an experimental run, his software's recovery rate reached 100 percent. In practice, however, the longer a user waits before using the tool, the higher the chance of permanently losing some data, because the more changes a user makes to existing files, the harder it becomes to recover deleted data. Deleted data is not immediately erased, but the storage space it occupies is considered free and the computer will use it to store other data.
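The effect Zheng describes can be seen in a small simulation, added here as an illustration; it is not part of the original article and is not Qihoo 360's tool. The toy volume, its block counts and the file names are all constructed assumptions: deleting a file only returns its blocks to the free list, and the share of originals that can still be recovered falls as later writes reuse those blocks.

```python
import random

class ToyVolume:
    """Constructed model of a disk: fixed-size blocks plus a file table."""
    def __init__(self, nblocks, seed=0):
        self.blocks = [None] * nblocks   # what each block currently holds
        self.free = set(range(nblocks))  # allocator's free list
        self.table = {}                  # live files: name -> block numbers
        self.deleted = {}                # stale entries left behind by delete()
        self.rng = random.Random(seed)

    def write(self, name, count):
        picked = self.rng.sample(sorted(self.free), count)
        for b in picked:
            self.blocks[b] = name        # overwrites whatever was there before
        self.free -= set(picked)
        self.table[name] = picked

    def delete(self, name):
        # Deletion frees the blocks but leaves their contents in place.
        blocks = self.table.pop(name)
        self.free |= set(blocks)
        self.deleted[name] = blocks

    def recoverable(self):
        # A deleted file is recoverable only if every block still holds its data.
        return [n for n, bl in self.deleted.items()
                if all(self.blocks[b] == n for b in bl)]

def simulate(later_writes, seed=1):
    """Fraction of deleted originals still recoverable after later_writes new files."""
    vol = ToyVolume(nblocks=400, seed=seed)
    originals = [f"doc{i}" for i in range(20)]
    for n in originals:
        vol.write(n, 4)
    for n in originals:                  # behaviour described in the article:
        vol.write(n + ".enc", 4)         # an encrypted copy is written ...
    for n in originals:                  # (two passes: a simplification)
        vol.delete(n)                    # ... and the original is deleted
    for i in range(later_writes):        # ordinary use after the infection
        vol.write(f"new{i}", 4)
    return len(vol.recoverable()) / len(originals)

if __name__ == "__main__":
    for k in (0, 10, 40, 80):
        print(f"{k:2d} later writes -> {simulate(k):.0%} recoverable")
```

With no writes after the deletion every original is intact, matching the 100 percent experimental figure; once the free space has been fully reused, nothing is left to recover.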
For now, the recovery kit is in Chinese only. Zheng said he does not know if the company will provide the service in English or other languages, though he admitted that changing the user language would be "fairly easy".
By 360's estimation, at least 200,000 computers had been breached by the malware as of 7 pm on Saturday. The number was going up quickly across the globe.
English News. Author: kobe. Time: 2017-5-15 23:17