Daily Management Review

A Way To Unlock Wannacry Without Ransom Found By French Researchers


French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up the computers of victims first infected a week ago.
WannaCry started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatening to lock out victims who have not paid a sum of $300 to $600 within one week of infection.
A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed.
The researchers cautioned that their solution works only in certain conditions: if computers had not been rebooted since becoming infected, and if victims applied the fix before WannaCry carried out its threat to lock their files permanently.
Europol said on Twitter that its European Cybercrime Centre had tested the team's new tool and that it was "found to recover data in some circumstances".
The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, who helped out by night, in his spare time, outside his day job at the Banque de France.
"We knew we must go fast because, as time passes, there is less chance to recover," Delpy said after a second sleepless night of work this week allowed him to release a workable way to decrypt WannaCry in Paris.
"Wanakiwi" is the name given by Delpy to his free tool for decrypting infected computers without paying ransom.
Suiche published a blog with technical details summarizing what the group of passing online acquaintances has built and is racing to share with technical staff at organizations infected by WannaCry.
Wanakiwi was quickly tested and shown to work on Windows 7 and the older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning the entire universe of affected PCs.
"(The method) should work with any operating system from XP to Win7," Suiche said.
Delpy added that so far, he had been contacted for the fix by banking, energy and some government intelligence agencies from several European countries and India.
Guinet, a security researcher at Paris-based Quarks Lab, published the theoretical technique for decrypting WannaCry files late Wednesday and Thursday, and Delpy, also in Paris, figured out how to turn it into a practical tool to salvage files.
Suiche, based in Dubai and one of the world's top independent security researchers, provided advice and testing to ensure the fix worked across the various versions of Windows.
His blog post links to Delpy's "wanakiwi" decryption tool, which is based on Guinet's original concept. Rather than attempting to break the endless string of digits behind the malicious software's full encryption key, Guinet's idea involves extracting the keys to WannaCry encryption codes using prime numbers.
"This is not a perfect solution," Suiche said. "But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups" which allow users to restore data without paying blackmailers.