By Eric Auchard
FRANKFURT (Reuters) – French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up victims’ computers first infected a week ago.
WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection.
A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed.
The researchers warned that their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently.
The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, who helped out by night, in his spare time, outside his day job at the Banque de France.
Suiche has published a blog with technical details summarizing what the group of passing online acquaintances has developed. He links to a tool called Wannakey built by Guinet, the creator of the original concept.
“THE ONLY WORKABLE SOLUTION”
Guinet, a security researcher at Paris-based Quarks Lab, published the basic technique for decrypting WannaCry files on Thursday, which Delpy then figured out how to turn into a practical tool to salvage files.
Suiche, based in the United Arab Emirates and one of the world’s top security researchers, provided advice and testing to ensure the fix worked across all various versions of Windows.
Wannakey was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believes the hastily developed fix also works with Windows 2008 and Vista.
“(The method) should work with any operating system from XP to Win7,” Suiche told Reuters via direct message on Twitter.
“This is not a perfect solution. But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups,” Suiche said of network back-up and retrieval systems which allow users with infected computers to restore them after re-imaging their PCs.
Classic customer help desk procedures typically advise users reporting computer problems to reboot their machines, but fast-acting users who pulled the plug on their PCs or otherwise did not attempt to repair them can benefit, the researchers said.
(Editing by Maria Sheahan and Gareth Jones)