Wannacry File Restorer

Wannacry File Restorer allows recovering files left in the middle of the Wannacry malware encryption process on a computer. Thanks to this PoC, these files can be recovered

Technology description

When cyberattacks occur in large organizations, it is crucial to remember where duplicate files are stored, as this information is also subject to infection by a malware virus or more importantly in this case, by ransomware. Best practice involves first tracking where the information is located and then starting the data clean up, both for Wannacry and other future incidents:

- Files that are not encrypted were not affected by the malware because the malware did not have time to affect them. There are ways to partially recover files affected by Wannacry, which will be shown throughout the course of this article.

- It is important to always have backups and security copies that are available offline.

- Information surrounding the shared units and the cloud units.

- Information from Office365 email and the data units.

- Information from removable devices, i.e. Pen drives.

-Temporary Office files (Word, Excel, PowerPoint). If the infection was present when a document was open, a temporary file will also have been generated. These files will not be on the radar of Wannacry, meaning these files will not become encrypted. Once the files have been cleaned up, Office files can be recovered to the point they were at when Wannacry started. Once the system has been cleaned up, the temporary files generated at the time of infection can be restored.
Wannacry File Restorer
Innovation Technologies

Recover Popcorn

This tool recovers the password required to decrypt those files encrypted by the first version of PopCorn ransomware that appeared by the end of 2016.

DirtyTooth for Raspberry Pi

This tool represents a software implementation of the DirtyTooth Speaker in the form of a .deb package for Raspberry Pi.

DirtyTooth

Hack solved as of iOS 11.2 that accesses services and information from Bluetooth-enabled devices.