Telefonica released a script to restore files WannaCry hasn't finished encrypting yet. It finds the files that have had their names changed but aren't encrypted, reads their headers, and restores the filename. Probably not super useful at this point, but still, neat. Combining this with the tool that pulls the key from memory could save a lot of work.

Not that patching appropriately wouldn't have saved more...
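
The header check described in the post, sketched as an added example (not part of the original post and not Telefonica's script): it only proposes restored names and renames nothing. The `.WNCRYT` suffix, the `WANACRY!` marker for fully encrypted files, and the small signature table are assumptions not stated in the post; the sample files are constructed.

```python
import os
import tempfile

# Assumption: renamed-but-unencrypted files carry this temporary suffix.
TEMP_SUFFIX = ".WNCRYT"
# Assumption: files that have been fully encrypted start with this marker.
ENCRYPTED_MARKER = b"WANACRY!"
# Small illustrative signature table (magic bytes -> extension).
SIGNATURES = [
    (b"%PDF-", ".pdf"),
    (b"\x89PNG\r\n\x1a\n", ".png"),
    (b"\xff\xd8\xff", ".jpg"),
    (b"PK\x03\x04", ".zip"),  # also the docx/xlsx/pptx container format
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),  # legacy OLE2 Office
]

def sniff_extension(header):
    """Return the extension for a file header, or None if encrypted/unknown."""
    if header.startswith(ENCRYPTED_MARKER):
        return None
    for magic, ext in SIGNATURES:
        if header.startswith(magic):
            return ext
    return None

def plan_restores(root):
    """Map each recoverable temp file under root to a proposed restored path."""
    plan = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.upper().endswith(TEMP_SUFFIX):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                ext = sniff_extension(fh.read(16))
            if ext:
                plan[path] = path[: -len(TEMP_SUFFIX)] + ext
    return plan

def demo():
    """Build constructed sample files and return {basename: restored basename}."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"1.WNCRYT": b"%PDF-1.4 sample", "2.WNCRYT": b"WANACRY!\x00\x01",
                   "3.WNCRYT": b"\x89PNG\r\n\x1a\nrest", "notes.txt": b"%PDF-"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        plan = plan_restores(root)
        return {os.path.basename(k): os.path.basename(v) for k, v in plan.items()}
```

Files whose header matches nothing in the table are left out of the plan rather than guessed at, so they can be reviewed by hand.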
