French researchers have developed a tool to save Windows files encrypted by WannaCry’s ransomware attack. And they are giving it for free.
Developed by a security expert Adrien Guinet, an internationally-known hacker Matthieu Suiche and a part-time coder and full-time bank employee Benjamin Delpy, the free tool named ‘wannakiwi’ has been tested by European Cybercrime Centre and has been "found to recover data in some circumstances".
The researchers have posted the tool on their blog for free download ad have cautioned that it only works if the infected system has not been rebooted since the attack and the files have not been locked permanently by the ransomware.
WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection. For first victims of attack, the one week’s notice ended on Friday.
According to the blog published by Suiche, users can decrypt their computers by following these steps:
1. Download wanakiwi from the blog (Click here to download the ransomware WannaCry solution)
2. wanakiwi.exe will automatically look for the 00000000.pky file
3. Cross fingers that your prime numbers haven’t been overwritten from the process address space
Furthermore, the blog adds that wanakiwi also recreates the .dky files expect from the ransomware by the attackers, which makes it compatible with the ransomware itself too. This also prevents the WannaCry to encrypt further files.
Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning the entire universe of affected PCs.
"(The method) should work with any operating system from XP to Win7," Suiche told Reuters, via direct message on Twitter.
Due to limitations of decrypting code, technicians and coders are racing against time to unlock the systems affected by WannaCry. "We knew we must go fast because, as time passes, there is less chance to recover," Delpy said after a second sleepless night of work this week allowed him to release a workable way to decrypt WannaCry at 6 am Paris time (0400 GMT) on Friday.
Delpy added that so far, banking, energy and some government intelligence agencies from several European countries and India had contacted him regarding the fix.