Frenchman claims cure for WannaCry-infected computers

Wannacry spread across the internet last week, infecting systems across the world and embarrassing nations that don't upgrade their OSs. To be safe, users may want to create backups of their most important files, wipe the machine and perform a fresh install of their operating system.

French security researchers have come up with a solution that may help users impacted by the WannaCry ransomware recover their encrypted files without having to fork over $300 worth of Bitcoin to hackers. Victims were given three days to pay the $300 ransom before it doubled, and seven days to pay before the encrypted files were deleted. The tool they have managed to develop is called wanakiwi, and is a freeware. Right-click the file in your Downloads folder and select "Extract all".

Matt Suiche, cofounder of security firm Comae Technologies, has tested wanakiwi and reports that it works.

A tool that the researcher posted on Github can now search for the decryption key in the memory if the computer wasn't rebooted after being infected, so if you already restarted the system and it then got locked down by WannaCrypt, this isn't going to work.

While the initial version of Guinet's software solution only helped out Windows XP users, this wasn't a huge help in and of itself given that most users affected by WannaCry were Windows 7 users. His idea involves extracting the keys to WannaCry encryption codes using prime numbers rather than attempting to break the endless string of digits behind the malicious software's full encryption key. The tool searches for the prime numbers of the private key in wcry.exe, the process responsible for generating WannaCry's private key, which will remain in memory until a reboot occurs. Delpy's Wanakiwi extends compatibility to Windows 7 and, by implication, to Windows Vista, which was released between Windows XP and Windows 7. He said his tool has successfully decrypted several such PCs, some that run Windows 2003 and 7. On the other hand, Windows XP systems that haven't been infected just yet must deploy Microsoft's patch that's available even for unsupported versions of Windows.

  • Arturo Norris