Not all hope is lost. If you have already been hit by the WannaCry ransomware and you are running one of the following Microsoft Windows versions:

Windows 7, Windows 8, Windows 8.1, Windows 10

with UAC enabled, and shadow copies were enabled prior to the infection, you might be lucky.

Your fate is in your own hands:

Do not click yes on the UAC popup window appearing during infection.

See pic below published by ENISA:

Check also this self-explanatory video.

The malware does not have an effective way of bypassing UAC, so your shadow copies are not actually deleted unless the malware is running as admin or the user specifically gives permission.

If you do not click yes on the UAC prompt, you can disinfect the machine and then restore all of your files from your shadow copies, which are intact!

Furthermore (according to Symantec), original files previously stored in any folder except Desktop, My Documents, or a removable drive are just encrypted, and their original copies are simply deleted. This means they could be recovered using an undelete tool.

FINAL NOTE: DO NOT PAY THE RANSOM!

Windows Versions using UAC

Windows 7 (in video), Windows 8, Windows 8.1, Windows 10

Enable and use Shadow Copies to restore files:
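As an added example (not part of the original post or of ENISA's material), the following PowerShell sketch checks the UAC settings, lists the shadow copies that predate the infection, and exposes the newest one as a folder to copy files from. The infection time and the mount path are assumed values; run it from an elevated prompt only after the machine has been disinfected.

```powershell
# Added example. $InfectionTime and $MountPoint are assumptions: set them for your case.
$InfectionTime = Get-Date '2017-05-12 09:00'   # constructed sample timestamp
$MountPoint    = 'C:\ShadowRestore'            # hypothetical path, must not exist yet

# 1. Check that UAC is on (EnableLUA = 1) and that admins get a consent prompt.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled: shadow copies may have been deleted without any prompt.'
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'Admins are elevated without prompting: same risk as UAC being off.'
}

# 2. List shadow copies created before the infection, newest first.
#    Get-WmiObject is used so this also works on the PowerShell shipped with Windows 7.
$copies = Get-WmiObject -Class Win32_ShadowCopy |
    Select-Object ID, VolumeName, DeviceObject,
        @{ Name = 'Created'
           Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) } } |
    Where-Object { $_.Created -lt $InfectionTime } |
    Sort-Object Created -Descending

if (-not $copies) {
    Write-Warning 'No shadow copy older than the infection time was found on this machine.'
}
else {
    $copies | Format-Table Created, VolumeName, DeviceObject -AutoSize

    # 3. Expose the newest pre-infection copy as a directory link.
    #    The trailing backslash after the device path is required by mklink.
    $newest = $copies | Select-Object -First 1
    cmd /c mklink /d $MountPoint "$($newest.DeviceObject)\"

    # 4. Copy what you need out of $MountPoint to clean storage, for example:
    #    Copy-Item "$MountPoint\Users\<name>\Documents" -Destination 'E:\Recovered' -Recurse
    #    Remove the link afterwards (this does not delete the shadow copy):
    #    cmd /c rmdir $MountPoint
}
```

An empty list from step 2 means there is nothing to restore from on that volume, which is what you would see if the UAC prompt was accepted during the infection or shadow copies were never enabled.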

Props to ENISA team members Alex Zacharis & Cosmin Ciobanu for disclosing the workaround.

More info here

Disclaimer Notice

The information and views set out in this report are those of the author(s) and do not necessarily reflect the official opinion of the European Union Agency on Network and Information Security (ENISA).

Neither the European Union institutions and bodies nor any person acting on their behalf may be held responsible for the use which may be made of the information contained therein.