French researchers have released software tools they claim can restore some of the computers infected by the WannaCry ransomware attack.
The researchers said the tools are not perfect and only work if the infected computers have not been rebooted after being hit by the programme.
The researchers – Adrien Guinet, Matthieu Suiche and Benjamin Delpy – worked separately.
In his research summary, Mr Guinet — who works for the Paris-based firm Quarkslab — said his software had only been tested to work under Windows XP.
He added that the software helps recover the prime numbers of the RSA private key used by WannaCry.
After his fix for Windows XP came out, others looked for ways to extend that to other operating systems and have succeeded in applying the technique to the newer Windows 7 programme.
The developments came on Friday, the apparent deadline for owners of some infected machines to pay the ransom or lose their files forever.
It is still not likely the technique will help many people, particularly because it works only if their machines have not been rebooted. Most companies needing to restore their operations right away would have turned to back-ups, if available, by now.
Chris Wysopal, chief technology officer with software security company Veracode, said that after ransomware attacks, researchers will often infect one of their own machines on purpose to see if the key is somehow left in the memory. That happened here with some systems of Windows.
WannaCry encrypts victims’ computer files and displays a message demanding ransoms to be paid in the digital currency Bitcoin before people can get their files back.