WannaCry decryption tool has been released!

Share if you likedShare on Facebook0Share on Google+5Tweet about this on TwitterShare on LinkedIn194

The WannaCry ransomware has infected thousands of computer systems around the world, but Adrien Guinet a security researcher of Quarkslab, has found a way to recover the unknown encryption keys used by the ransomware.

Adrien said that in order to retrieve the keys, your computer must not have been rebooted after being infected. The tool allows recovering the prime numbers of the RSA private key that are used by Wannacry.

It does that by searching for them in the “wcry.exe process. This is the process that generates the RSA private key. The main problem is that the CryptDestroyKey and CryptReleaseContext don’t erase the prime numbers from memory before freeing the associated memory.

“I got to finish the full decryption process, but I confirm that, in this case, the private key can recovered on an XP system”

Adrien created a WannaCry ransomware decryption tool called WannaKey. The decryption process will work successfully if the affected computer has not been rebooted after being infected and the associated memory hasn’t been allocated and erased.

Another security researcher (Benjamin Delpy) released a tool named “WanaKiwi,” based on Adrien’s discovery, which simplifies the whole process.

Infected users should download WannaKey tool or WannaKiwi tool from Github and try it on the affected Windows.

Share if you likedShare on Facebook0Share on Google+5Tweet about this on TwitterShare on LinkedIn194

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply

Advertisment ad adsense adlogger