WannaCry Ransomware Decryption Tool Released Free; Unlock Files Without Paying Ransom
If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.
Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.
WannaCry Ransomware Decryption Keys
WannaCry's encryption scheme works by generating a pair of keys on the victim's computer that rely on prime numbers: a "public" key for encrypting the system's files and a "private" key for decrypting them.
To prevent the victim from accessing the private key and decrypting locked files himself, WannaCry erases the key from the system, leaving no choice for the victims to retrieve the decryption key except paying the ransom to the attacker.
But here's the kicker: WannaCry "does not erase the prime numbers from memory before freeing the associated memory," says Guinet.
Based on this finding, Guinet released a WannaCry ransomware decryption tool, named WannaKey, that basically tries to retrieve from memory the two prime numbers used in the formula to generate the encryption keys. It works on Windows XP only.
Note: Below I have also mentioned another tool, dubbed WanaKiwi, that works for Windows XP to Windows 7.
"It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory," says Guinet.
So, that means, this method will work only if:
The affected computer has not been rebooted after being infected.
The associated memory has not been allocated and erased by some other process.
"In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work, and so it might not work in every case!" Guinet says.
"This is not really a mistake from the ransomware authors, as they properly use the Windows Crypto API."
Because WannaKey only pulls the prime numbers from the memory of the affected computer, it can only be used by those who are able to use those prime numbers to generate the decryption key manually and decrypt their WannaCry-infected PC's files.
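The recovery idea described above, as an added example that is not WannaKey's own code: scan a memory image for a value that divides the public modulus, then rebuild the private exponent from that one prime. The toy 64-bit primes, the constructed buffer, the little-endian byte order and all function names are assumptions of this sketch.

```python
# Added example: toy key sizes and a constructed memory buffer (not WannaKey's code).

def find_prime_factor(memory, n, prime_len, byteorder="little"):
    """Slide a prime_len-byte window over a memory image and return
    (offset, value) for the first window that is a non-trivial divisor of n."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], byteorder)
        # A leftover RSA prime is odd, larger than 1, smaller than n,
        # and divides the public modulus exactly.
        if cand > 1 and cand & 1 and cand < n and n % cand == 0:
            return off, cand
    return None

def rebuild_private_key(n, e, p):
    """Derive the other prime and the private exponent d from one recovered prime."""
    q = n // p
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return q, d

def demo():
    # Constructed 64-bit primes; the real primes are far larger.
    p, q, e = 2**61 - 1, 2**64 - 59, 65537
    n = p * q
    # Constructed "freed heap": filler bytes around a little-endian copy of p
    # that was never zeroed (byte order is an assumption of this example).
    memory = b"\x00" * 37 + b"heap-garbage" + p.to_bytes(8, "little") + b"\xaa" * 20
    hit = find_prime_factor(memory, n, prime_len=8)
    if hit is None:
        return None  # memory was reused or wiped: nothing to recover
    offset, found_p = hit
    found_q, d = rebuild_private_key(n, e, found_p)
    # Round-trip check: encrypt with the public key, decrypt with the rebuilt d.
    message = 0x57414E41
    recovered = pow(pow(message, e, n), d, n)
    return offset, found_p, found_q, recovered == message

if __name__ == "__main__":
    print(demo())
```

If the freed memory has been reused or the machine rebooted, the scan finds no divisor and returns `None`, which is why the two conditions listed above matter.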
WanaKiwi: WannaCry Ransomware Decryption Tool
The good news is that another security researcher, Benjamin Delpy, developed an easy-to-use tool called "WanaKiwi," based on Guinet's finding, which simplifies the whole process of decrypting WannaCry-infected files.
All victims have to do is download the WanaKiwi tool from GitHub and run it on their affected Windows computer using the command line (cmd).
WanaKiwi works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008, confirmed Matt Suiche from security firm Comae Technologies, who has also provided some demonstrations showing how to use WanaKiwi to decrypt your files.
Although the tool won't work for every user due to its dependencies, it still gives WannaCry's victims some hope of getting their locked files back for free, even on Windows XP, the aging, largely unsupported version of Microsoft's operating system.