Errors in WannaCry ransomware code give hope of recovering files for free

03 June 2017, 13:12 | Technologies

The code of the WannaCry ransomware, which several weeks ago spread to hundreds of thousands of computers around the world, turned out to be of very poor quality. This gives hope that encrypted files can be recovered without paying the ransom.

Kaspersky Lab analyzed the code and found that its errors make it possible to restore files with available software tools and even simple commands. For example, an error in the handling of read-only files means that the program cannot encrypt such files. Instead, WannaCry creates encrypted copies of the user's files, while the original files remain untouched but are hidden. Enabling the option to display hidden files is enough to access them.
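The check described above can be scripted instead of done by hand in Explorer. The following PowerShell is an added example, not code from the article or from Kaspersky Lab: it lists files that are both hidden and read-only and have an encrypted copy beside them, and only changes anything when `-Unhide` is given. The search root and the `.WNCRY` suffix for encrypted copies are assumptions that the article does not state.

```powershell
# Added example: report hidden, read-only originals that sit next to an encrypted copy.
param(
    [string]$Root = $env:USERPROFILE,      # assumption: folder tree to search
    [string]$EncryptedSuffix = '.WNCRY',   # assumption: suffix of encrypted copies (not stated in the article)
    [switch]$Unhide                        # without this switch the script only reports
)

$hidden   = [System.IO.FileAttributes]::Hidden
$readOnly = [System.IO.FileAttributes]::ReadOnly
$system   = [System.IO.FileAttributes]::System

# -Force makes Get-ChildItem return hidden items; -File skips directories.
$candidates = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Attributes.HasFlag($hidden) -and
        $_.Attributes.HasFlag($readOnly) -and
        -not $_.Attributes.HasFlag($system) -and               # skip OS files such as desktop.ini
        (Test-Path -LiteralPath ($_.FullName + $EncryptedSuffix))
    }

foreach ($file in $candidates) {
    # One record per recoverable original, suitable for Export-Csv.
    [pscustomobject]@{
        Original      = $file.FullName
        EncryptedCopy = $file.FullName + $EncryptedSuffix
        Length        = $file.Length
        LastWriteTime = $file.LastWriteTime
    }

    if ($Unhide) {
        # Clear only the Hidden bit; ReadOnly and all other attributes stay as found.
        $cleared = [int]$file.Attributes -band (-bnot [int]$hidden)
        $file.Attributes = [System.IO.FileAttributes]$cleared
    }
}
```

Run it first without `-Unhide` and save the report, and copy the listed originals to separate media before changing attributes on the affected disk.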

If WannaCry considers user files unimportant, it moves them to a temporary folder. The data in these files is not overwritten, only deleted, so the files can be restored using special programs.

If the files are in important folders, such as "Desktop" or "My Documents", WannaCry overwrites the original files, and it is impossible to restore them.

In three weeks, the authors of the ransomware received only $120,000, which, given the scale of the infection, is an extremely modest sum. It was also recently reported that computers running Windows XP suffered less than others, since the ransomware caused a blue screen of death instead of encrypting files, which also points to the low quality of the code.
