For those who’ve found their computers infected by the WannaCry ransomware, there’s a solution at hand. Thanks to a new decryption tool released by a French security research, you don’t need to pay $300 in Bitcoins to cyber criminals if your system has also been affected by WannaCry ransomware.
The cyberattack affected computer networks in over 150 countries including Britain, Spain, Japan, Indonesia, Taiwan to name a few. According to reports, it has infected over 300,000 computers in the world, and this is widely seen as the biggest cyberattack in the world.
French security researcher Adrien Guinet, from Quarkslab has discovered a way to retrieve the secret encryption keys used by WannaCry ransomware. According to Guinet, WannaCry ransomware rely on prime numbers and generates a “public” key and a “private” key for encryption and decryption of the system files.
He also found that it does not erase the prime numbers from memory before freeing the associated memory, and hence he was able to create a WannaCry ransomware decryption tool, named WannaKey, which basically tries to retrieve the two prime numbers used in the formula to generate encryption keys.
The WannaKey decryption tool is available for free and works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems. Unfortunately, the tool will only work on those affected computer that haven’t been rebooted after the attack or for computers with associated memory that hasn’t been allocated and erased by user or by some other process, added Guinet.
Reportedly, there is still one more way to unlock your computer without paying. As reported by the hacker news, there’s another tool called called “WanaKiwi” by a security researcher named Benjamin Delpy that can unlock WannaCry infected systems.
This tool is said have to developed on Guinet’s findings and is available to download from Github. The WanaKiwi tool works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems like the WannaKey, and can run using the command prompt.