A free tool that can undo the damage caused by the WannaCry ransomware on some computers is now available.
(CCM) — A free tool called Wannakey can allow users to decrypt the files on some computers that have fallen victim to the WannaCry ransomware. The tool, which has been developed by French security researcher Adrien Guinet, provides an alternative to restoring data from a backup (if one exists) or paying the criminals behind WannaCry a $300 ransom in Bitcoin. Wannakey works on computers running Microsoft's Windows XP operating system, and can only successfully retrieve the key needed for decryption if the machine has not been rebooted since the time of the infection.
The software works by searching for the prime numbers the ransomware uses to create the key. In Windows XP, these numbers are not deleted from the computer's memory at the end of the process, although they can be overwritten. "If you are lucky (that is the associated memory hasn't been reallocated and erased), these prime numbers might still be in memory," explains Guinet. The numbers are erased from memory when the machine is rebooted. However, if Wannakey can retrieve the primes and regenerate the key, then victims can use Wanafork or Wanadecrypt, two free tools, to decrypt the data encrypted by WannaCry. Wannakey, Wanafork, and Wanadecrypt are all available to download from GitHub.
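The search described above can be shown on a toy case. This is an added Python example, not Wannakey's code: it scans a memory image for a value that divides a known RSA public modulus, then rebuilds the private exponent. The key, the memory image, the little-endian layout, the half-modulus prime size and the exponent 65537 are all assumptions constructed for the illustration.

```python
# Added illustration: the key and memory image are constructed, not WannaCry data.
P = 2**127 - 1      # known Mersenne prime, stands in for the leftover prime
Q = 2**128 - 159    # known prime just below 2**128
N = P * Q           # public modulus, which survives on the victim machine
E = 65537           # assumed public exponent


def build_sample_dump() -> bytes:
    """Constructed 'process memory': filler bytes with P left behind."""
    filler = bytes((i * 37 + 11) % 256 for i in range(300))
    return filler[:123] + P.to_bytes(16, "little") + filler[123:]


def find_prime_factor(dump: bytes, modulus: int):
    """Slide a half-modulus-wide window over the dump.

    Returns (offset, prime) for the first window that divides the modulus,
    or None when the primes have been overwritten or erased.
    """
    width = (modulus.bit_length() + 7) // 8 // 2
    for off in range(len(dump) - width + 1):
        cand = int.from_bytes(dump[off:off + width], "little")
        # A prime factor of an RSA modulus is odd and greater than 1.
        if cand > 1 and cand & 1 and modulus % cand == 0:
            return off, cand
    return None


def rebuild_private_exponent(prime: int, modulus: int, e: int = E) -> int:
    """Derive the private exponent d from one recovered prime (Python 3.8+)."""
    other = modulus // prime
    return pow(e, -1, (prime - 1) * (other - 1))


if __name__ == "__main__":
    hit = find_prime_factor(build_sample_dump(), N)
    if hit is None:
        print("no prime found: memory was reused or the machine was rebooted")
    else:
        offset, prime = hit
        d = rebuild_private_exponent(prime, N)
        print(f"prime found at offset {offset}; private exponent has {d.bit_length()} bits")
```

One recovered prime is enough, because dividing the modulus by it yields the other; a dump taken after a reboot simply produces no match.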