I appreciate all the efforts & time you are giving to fight against this global menace .
One of my friends hard disk is infected by WannaCry (wncry extension)
SInce no decrypter is available yet only alternate is to give it a try on hard disk using signatures.
Unfortunately developers of ransomware have blocked that option as well ( instead of plain deleting file they securely wipe it ( zero fill I think)
This ensures victim will not be able to recover anything,
I just wanted to know what is payload of WannaCry , whether it only deletes file before creating encrypted new file or it wipes it totally.
What is experience of you for raw recovery ?
In some cases ( dharma) malware only erases first few sectors of the file. Certain file types can get recovered,