Business Standard

WannaCry-infected Windows can be unlocked without paying ransom: Know how

Delpy calls his free tool for decrypting infected computers without paying ransom 'wanakiwi'

Reuters  |  Frankfurt 

As deadline looms, experts find way to unlock ransomware files

French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up victims’ computers first infected a week ago.
 
WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300-$600 within one week of infection.


 
A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption for files hit in the global attack, which several independent security researchers have confirmed.
 
But the researchers said their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently.
 
The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, who helped out by night, in his spare time, outside his day job at the Banque de France.
 
“We knew we must go fast because, as time passes, there is less chance to recover,” Delpy said after a second sleepless night of work this week allowed him to release a workable way to decrypt at 6 am Paris time (0400 GMT) on Friday.
 
Delpy calls his free tool for decrypting infected computers without paying ransom “wanakiwi”.
 
Suiche published a blog with technical details summarising what the group of passing online acquaintances has built and is racing to share with technical staff at organisations infected by
 
Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning the entire universe of affected PCs.
 
“(The method) should work with any operating system from XP to Win7,” Suiche told Reuters.
 
Delpy added that so far, banking, energy and some government intelligence agencies from several European countries and India had contacted him regarding the fix.

“The only workable solution” 

Guinet, a security researcher at Paris-based Quarkslab, published the theoretical technique for decrypting files late Wednesday and Thursday, which Delpy, also in Paris, figured out how to turn into a practical tool to salvage files.
 
Suiche, based in Dubai and one of the world's top independent security researchers, provided advice and testing to ensure the fix worked across the various versions of Windows.
 
His blog post links to Delpy's “wanakiwi” decryption tool, which is based on Guinet's original concept. His idea involves extracting the keys to encryption codes using prime numbers rather than attempting to break the endless string of digits behind the malicious software's full
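
The prime-number idea and the no-reboot condition, as an added illustration (not wanakiwi's or Guinet's code): the recovery looks in the memory of the still-running process for a leftover prime that divides the public RSA modulus, then rebuilds the private key from it. The toy 64-bit primes, the little-endian layout and the constructed memory buffers below are assumptions for the sketch.

```python
# Added illustration: find a prime factor of an RSA modulus in a memory
# image and rebuild the private exponent. All sample data is constructed.

def find_prime_factor(memory: bytes, n: int, prime_len: int):
    """Slide a prime_len-byte window over memory; return (offset, p) for
    the first little-endian integer that divides n, or None if absent."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None

def rebuild_private_exponent(n: int, e: int, p: int) -> int:
    """With one prime known, the other follows by division, and the
    private exponent d is the inverse of e modulo (p-1)(q-1)."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

# Constructed toy key: two known 64-bit-sized primes (real keys are far larger).
P = (1 << 61) - 1
Q = (1 << 64) - 59
E = 65537
N = P * Q

# Constructed memory images: one still holding the prime, one after a
# reboot, when the process memory that held it is gone.
LIVE_MEMORY = b"\x00" * 37 + b"heap-noise" + P.to_bytes(8, "little") + b"\xff" * 19
REBOOTED_MEMORY = b"\x00" * len(LIVE_MEMORY)

def recover_and_decrypt(memory: bytes, ciphertext: int):
    """Return the decrypted integer, or None when no prime survives."""
    hit = find_prime_factor(memory, N, 8)
    if hit is None:
        return None
    d = rebuild_private_exponent(N, E, hit[1])
    return pow(ciphertext, d, N)

if __name__ == "__main__":
    secret = 0x1234567890ABCDEF          # stands in for a wrapped file key
    ct = pow(secret, E, N)
    print("live image    :", recover_and_decrypt(LIVE_MEMORY, ct) == secret)
    print("rebooted image:", recover_and_decrypt(REBOOTED_MEMORY, ct))
```
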
 
“This is not a perfect solution,” Suiche said. “But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups” which allow users to restore data without paying black-mailers.
 
As of Wednesday, half of all internet addresses corrupted globally by WannaCry were located in China and Russia, with 30 and 20 percent of infections, respectively, according to data supplied by threat intelligence firm Kryptos Logic.
 
By contrast, the United States accounts for 7 per cent of infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said.
 
Only 309 transactions worth around $94,000 appear to have been paid into blackmail accounts by Friday, seven days after the attack began.
 
That's just under one in 1,000 of the estimated victims.
 
This may reflect a variety of factors, security experts say, including scepticism that attackers will honour their promises or the possibility that organisations have back-up storage plans allowing them to recover their data without paying ransom.
