With a major deadline nearing for victims of the WannaCry ransomware epidemic, French IT researchers say they may have found a cure — as long as the computer hasn't been rebooted.
Last Friday, the first of a wave of computers was infected with the ransomware. WannaCry effectively holds the user's computer hostage, and demands the equivalent of about $300 US worth of bitcoin to release the computer owner's data. After 72 hours, the ransom went up to $600. And after a week, the hackers threatened to destroy the data forever.
The ransomware is very infectious, with more than 300,000 computers worldwide in 150 countries believed to have been hit — about half of which are in Russia or China.
But despite its virulence, few people seem to have taken the bait and paid the ransom. At last count, a little more than $92,000 US has been collected, according to U.K.-based bitcoin-tracking firm Elliptical Enterprises — which means roughly 300 people have paid.
That's likely because many victims appear to be taking the advice of security officials, which is to not pay cyber-ransoms — chiefly because there's little chance of getting your data back even if you do.
"The FBI does not support paying a ransom to the adversary," an FBI factsheet on ransomware reads. "Paying a ransom does not guarantee the victim will regain access to their data."
But with the first batch of victims set to come up on their one-week deadline on Friday, a trio of French researchers say they have uncovered a cure for the infection, with the proviso that the fix will only work if the computer hasn't been turned off and restarted since being infected.
Working independently, Adrien Guinet, Matthieu Suiche and Benjamin Delpy came up with a software patch that works on Windows XP machines, and has since been tested successfully on many others. Called "wanakiwi," the software tool is now available for free.
"(The method) should work with any operating system from XP to Win7," Suiche told Reuters, via direct message on Twitter. Delpy added that so far, banking, energy and some government intelligence agencies from several European countries and India had contacted him regarding the fix.
Guinet, a security researcher at Paris-based Quarkslab, published the theoretical technique for decrypting WannaCry files late Wednesday and Thursday, which Delpy, also in Paris, figured out how to turn into a practical tool to salvage files.
"This is not a perfect solution," Suiche said. "But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no backups," which allow users to restore data without paying blackmailers.