Don’t cry for me: Free WannaCry decryption tools released online
Adrien Guinet, a French security researcher from Quarkslab, discovered a method for finding the ransomware’s decryption key.
WannaCry encryption creates two keys – “public” and “private” – that are based on prime numbers and are responsible for encrypting and decrypting the system’s files respectively.
However, WannaCry "does not erase the prime numbers from memory before freeing the associated memory," Guinet said, as cited by The Hacker News.
The aptly-named “WannaKey” tool is available for free here but only functions on computers running the Windows XP operating system.
Given the very specific way in which the tool works, it only functions if the infected computer has not been rebooted since the WannaCry ransomware and the associated memory has not been allocated and erased by another process.
In yet another win for open source online collaboration by private cybersecurity firms and researchers, another tool was quickly developed based on Guinet’s findings that has broader applications.
Benjamin Delpy developed the WanaKiwi tool, available for free download here, which simplifies the decryption process somewhat and is applicable to infected computers that run the Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.
Comae Technologies founder and CEO Matt Suiche has also provided a series of blogs and demonstrations on how to use WanaKiwi to decrypt your files.
While both WannaKey and WanaKiwi are limited in what they can accomplish for victims of the cyberattack that affected hundreds of thousands of computers across the globe, this can still be seen as a major win for open source counter-hacking.