French researchers have apparently found a way to decrypt encrypted Windows files by the dreaded WannaCry ransomware without paying the ransom. This is especially good news for victims who were given a deadline to pay or have their files destroyed.
Presently, a team of security researchers from around the world has been working together to come up with a way to unlock the WannaCry ransomware encryption key and have already found a solution. However, this can apparently only work in certain situations. The first is that the computer should not be rebooted after the infection, and the other is that that the security fix should be applied before the WannaCry virus locks down the files permanently. The team of researchers includes security experts and hackers such as Matthieu Suiche and Benjamin Delpy.
According to Delpy, who has apparently spent two sleepless nights trying to figure out the workaround, “We knew we must go fast because, as time passes, there is less chance to recover.”
The following is an excerpt of the Reuters report on the WannaCry ransomware virus.
“Delpy calls his free tool for decrypting infected computers without paying ransom ‘wanakiwi’.”
Suiche published a blog with technical details summarizing what the group of passing online acquaintances has built and is racing to share with technical staff at organizations infected by WannaCry.
Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning the entire universe of affected PCs.
‘(The method) should work with any operating system from XP to Win7.’
Delpy added that so far, banking, energy and some government intelligence agencies from several European countries and India had contacted him regarding the fix.”
The WannaCry virus exploited a security vulnerability on the Windows XP platform and affected computers in 150 countries. The perpetrators behind the attack demanded a $300 equivalent in bitcoin deposits to have the data in affected computers unlocked.”
The hackers have so far received almost $80,000 in bitcoins, but have to complete the next part of the process to really profit, and that is to move the money for eventual withdrawal. This will be particularly hard, considering that security experts and authorities across the world are watching.
The other tricky element is that bitcoin has a pseudonymous process structure, which makes transaction patterns easily traceable. And so, for the men behind the WannaCrypt ransomware to make a clean withdrawal with no traces, all the bitcoin addresses have to be deleted. The following are the options available to them according to Emin Gün Sirer, a professor at Cornell University.
” Technologies already exist for shedding so called ‘tainted’ bitcoins – they just require a little technical know-how.
One of the simplest processes is ‘chain hopping’, where bitcoins are converted into other digital currencies, usually at offshore exchanges. “Following the trail gets quite difficult as the coins cross jurisdictions and change shape,”
Another technique known as ‘tumbling’ would allow the hackers to pool their ill-begotten bitcoins with other people’s coins.
In a bitcoin tumbling service, coins from different sources are mixed together and then re-disbursed. Conceivably, the hackers could repeatedly mix their coins until the coins were diluted enough to throw law officials off their path.”
This was while speaking to Coin Desk. However, he highlighted that the process of mixing bitcoins was risky, firstly because it was not easy to find a large amount of bitcoins to mix them with, and secondly because they were prone to clustering, a property that made them easy to trace. As things stand, only time can reveal whether the perpetrators behind the WannaCry or WannaCrypt ransomware virus will profit.
[Featured Image by Patrick Lux/Getty Images]