It’s been more than a week that the malicious ransomware has hit the world and caused panic in the virtual internet world. It still keeps on spreading around, infecting thousands over thousands of systems and asking for money to retrieve the encrypted data. To counter this, a huge number of researchers are coming up with fixes and here is one amazing free tool which is called ‘WannaKey’.
The tool released can potentially reverse the effects of the ransomware and free files on a system. The WannaKey software will allow users hit by the WannaCry ransomware and running Windows XP on their PC to get rid of the malicious encryptor and access their files again. Adrien Guinet has released WannaKey, which is designed to take advantage of a shortcoming in Windows XP to decrypt an infected machine’s files. He says he’s used it successfully on several infected Windows XP computers, but the method won’t work for all victims.
“This software has only been tested and known to work under Windows XP. In order to work, your computer must not have been rebooted after being infected. You need some luck for this to work and so it might not work in every case,” Adrien Guinet, the tool author warns. The researcher has uploaded the tool which he calls WannaKey on his GitHub repo. There, he also explains the process he followed to gain access to the private keys.
Guinet says when the WannaCry ransomware infects a computer and encrypts it, the private keys are stored in the memory and are often left undeleted. This is where a person’s luck comes into the picture, he should hope that the associated memory isn’t reallocated and erased so that the prime numbers belonging to the key can be recovered. The software recovers the prime numbers of the RSA private key used by WannaCry. Once recovered, these prime numbers can be used to restore the files encrypted by the ransomware on infected computers.
The WannaKey tool seems to be a promising way for all those Windows XP users infected by the ransomware but its results on a larger scale still need to be seen. However, if this tool works as endorsed, it’ll end up saving hundreds and thousands of dollars from ending up in the hands of the attacker.