The WannaCry ransomware has made a huge mess across the globe, affecting hundreds of thousands of PCs, including critical devices in the healthcare sector.
New hope glimmered on Friday for people hit by last week’s virulent ransomware worm after researchers showed that a broader range of PCs infected by WCry can be unlocked without owners making the $300 to $600 payment demand. The ransomware struck last Friday, ensnaring more than 300,000 computers around the world and netting more than $93,000 since then.
Developed by a security expert Adrien Guinet, an internationally-known hacker Matthieu Suiche and a part-time coder and full-time bank employee Benjamin Delpy, the free tool named “wannakiwi” has been tested by European Cybercrime Centre and has been “found to recover data in some circumstances”.
Their efforts seem to have yielded some results, but it does come with certain caveats. The catch? It only works on computers running Windows XP through Windows 7 who haven’t rebooted their computers since the infection (via CNET).
As was the case with Wannakey, the recovery won’t work if an infected computer has been restarted.
Suiche published a blog with technical details summarising what the group of passing online acquaintances (https://goo.gl/iIFDZs) has built and is racing to share with technical staff at organisations infected by WannaCry. His idea involves extracting the keys to WannaCry encryption codes using prime numbers rather than attempting to break the endless string of digits behind the malicious software’s full encryption key. Wanakiwi has not yet been extensively tested on computers with x64 CPUs, so it’s possible the tool doesn’t work as reliably on that platform.
The results yielded what look to be positive results, with the programs able to work on Windows XP to Windows 7.
Suiche did make a point of saying that the WannaCry fix, while timely, was the only working solution anyone could come up with, and it wasn’t flawless. It’s created to retrieve files that would otherwise be lost if and when users get permanently locked out of their computers. At this point, however, any solution is better than no solution at all.