Free Tool To Decrypt WannaCry Ransomware

By

A French researcher has released a free and open source tool to decrypt files locked by WannaCry.

Adrien Guinet, a security researcher from Quarkslab, has created a tool to decrypt files locked by WannaCry ransomware.

Guinet is offering the tool free of cost and it works on Windows XP, Windows 7, Windows Vista, Windows Server 2003, and Windows Server 2008.

The tool has been published on GitHub, and according to the project description, this software allows you to recover the prime numbers of the RSA private key that are used by WannaCry.

“It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext do not erase the prime numbers from memory before freeing the associated memory,” said the GitHub page.

As promising as it may sound, please bear in mind that it’s not a complete solution, you do need a stroke of luck for it to work in your case. “If you are lucky (that is, the associated memory hasn't been reallocated and erased), these prime numbers might still be in memory,” said Guinet on the project page.

The WannaCry ransomware attack has been the worst attack of its kind. The attack started on Friday May 12, 2017, and infected more than 230,000 computers across the globe. It brought down major services, including Britain's National Health Service (NHS), Spain's Telefónica, FedEx, and Deutsche Bahn. It also shows Europe’s reliance on Microsoft technologies.

The WannaCry vulnerability was known to NSA, but instead of informing Microsoft to patch it, the agency used it to compromise target computers.

05/23/2017
Free Tool to Decrypt WannaCry Ransomware

Related content

comments powered by Disqus

SysAdmin Day 2017!

  • Happy SysAdmin Day 2017!

    Download a free gift to celebrate SysAdmin Day, a special day dedicated to system administrators around the world. The Linux Professional Institute (LPI) and Linux New Media are partnering to provide a free digital special edition for the tireless and dedicated professionals who keep the networks running: “10 Terrific Tools."

Special Edition

Newsletter

Subscribe to ADMIN Update for IT news and technical tips.

ADMIN Magazine on Twitter

Follow us on twitter