Don’t pay the WannaCry ransom. This new tool can restore your data without paying up
Security researcher Adrien Guinet has released WannaKey, a tool that is able to restore computers infected by the ransomware.
WannaKey is designed to take advantage of a shortcoming in Windows XP to decrypt the files from an infected machine, according to the Independent. Guinet claims he has used it successfully on infected Windows XP computers. However, the method will not work for all victims.
“In order to work, your computer must not have been rebooted after being infected,” says Mr Guinet, who adds that there’s also an element of luck involved.
“This software allows to recover the prime numbers of the RSA private key that are used by Wanacry,” he explains in a post on GitHub.
“The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory. This is not really a mistake from the ransomware authors, as they properly use the Windows Crypto API. It can work under Windows XP because, in this version, CryptReleaseContext does not do the cleanup.”
WannaKey won’t work on infected computers that run Windows 10, because CryptReleaseContext cleans up the memory on that platform.
“If you are lucky (that is the associated memory hasn’t been reallocated and erased), these prime numbers might still be in memory.”
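The recovery idea Guinet describes, searching leftover process memory for a value that divides the known RSA public modulus, can be sketched as follows. This is an added example, not WannaKey's code; the little-endian layout, the function names, the exponent 65537 and the small constructed primes and memory buffers are all assumptions made for the demonstration.

```python
# Added illustration (not WannaKey's code): locate an RSA prime left behind in
# a memory image by testing each window for divisibility of the public modulus.

E = 65537  # assumed public exponent for this demo


def find_prime(mem: bytes, n: int, prime_len: int):
    """Return (offset, p) for the first prime_len-byte little-endian window
    that is a non-trivial divisor of n, or None if memory holds no factor."""
    for off in range(len(mem) - prime_len + 1):
        cand = int.from_bytes(mem[off:off + prime_len], "little")
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None


def rebuild_private_exponent(n: int, p: int, e: int = E) -> int:
    """With one prime known, q = n / p and d = e^-1 mod (p-1)(q-1)."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+


# Constructed sample data: two Mersenne primes stand in for the key's primes
# (real primes would be far larger; the scan is the same).
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q
PRIME_LEN = 16
FILLER = bytes(range(1, 200))  # stand-in for unrelated heap contents

# Freed but not wiped: the prime is still sitting in memory.
INTACT = FILLER + P.to_bytes(PRIME_LEN, "little") + FILLER
# Wiped on release, or reallocated and overwritten: nothing to find.
ERASED = FILLER + bytes(PRIME_LEN) + FILLER

if __name__ == "__main__":
    for name, image in (("intact", INTACT), ("erased", ERASED)):
        hit = find_prime(image, N, PRIME_LEN)
        if hit is None:
            print(f"{name}: no factor of N in memory, key not recoverable")
            continue
        off, p = hit
        d = rebuild_private_exponent(N, p)
        ok = pow(pow(42, E, N), d, N) == 42  # encrypt/decrypt round trip
        print(f"{name}: prime at offset {off}, private key rebuilt, ok={ok}")
```

The erased case is why the tool depends on no reboot and no reallocation: once the bytes holding the prime are gone, no window divides the modulus.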
WannaCry demands that victims pay $300-$600, but security experts have warned users not to pay the ransom.