This Free Tool Helps Recover Windows XP PC Hit by WannaCry Ransomware

A developer has released a tool to fight the WannaCry ransomware, which started affecting PCs worldwide last Friday and has helped hackers gain control over 300,000 systems. The tool released can potentially reverse the effects of the ransomware and free files on a system.

The WannaKey software will allow users hit by the WannaCry ransomware and running Windows XP on their PC to get rid of the malicious encryptor and access their files again.

According to a report in the Financial Times, Microsoft failed to provide the update fixing the vulnerability for free to Windows XP users.

“This software has only been tested and known to work under Windows XP. In order to work, your computer must not have been rebooted after being infected. You need some luck for this to work and so it might not work in every case,” Adrien Guinet, the tool's author, warns.

The software recovers the prime numbers of the RSA private key used by WannaCry. Once recovered, these prime numbers can be used to restore the files encrypted by the ransomware on infected computers.

This approach, however, doesn’t work on other Windows versions such as 10, 8 or 7, because the prime numbers are erased when the associated memory is freed as ‘CryptReleaseContext’ is called.

On Windows XP, however, that call doesn’t clean up the memory, which is what enables the WannaKey software to recover the PC.

The tool's author points out that the ransomware attackers used the Windows Crypto API properly, and that this anomaly seems to be exclusive to Windows XP.

“If you’re lucky, that is if the associated memory hasn’t been reallocated and erased, then these prime numbers might still be in the memory,” the tool author adds.
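The recovery idea described above, as an added example that is not WannaKey's code: slide a window over a memory image and test whether the bytes, read as an integer, divide the public RSA modulus. The toy 64-bit primes, the little-endian layout, the sample dump and all function names are assumptions made for this illustration.

```python
def find_rsa_prime(dump: bytes, modulus: int, prime_len: int):
    """Return (offset, p, q) for the first window that divides modulus, else None."""
    for off in range(len(dump) - prime_len + 1):
        # Assumption: the prime is stored as a little-endian integer.
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        # Skip trivial values; zero-filled regions are common in memory images.
        if cand <= 1 or cand >= modulus:
            continue
        if modulus % cand == 0:
            # A non-trivial divisor of p*q is one prime; the other follows.
            return off, cand, modulus // cand
    return None


def build_sample_dump(p: int, prime_len: int, wiped: bool) -> bytes:
    """Constructed stand-in for process memory (not a real dump).

    wiped=False models freed memory that still holds the prime;
    wiped=True models the same region after it has been zeroed.
    """
    noise = bytes((i * 37 + 11) % 256 for i in range(4096))
    region = bytes(prime_len) if wiped else p.to_bytes(prime_len, "little")
    return noise[:1000] + region + noise[1000:]


# Constructed toy key: real WannaCry keys use far larger primes.
P = 2**64 - 59
Q = 2**61 - 1
N = P * Q          # the public modulus is known from the public key
PRIME_LEN = 8      # bytes per prime in this toy example

if __name__ == "__main__":
    for wiped in (False, True):
        dump = build_sample_dump(P, PRIME_LEN, wiped)
        hit = find_rsa_prime(dump, N, PRIME_LEN)
        label = "memory wiped on free" if wiped else "memory left intact"
        if hit:
            off, p, q = hit
            print(f"{label}: prime found at offset {off}, p*q == N: {p * q == N}")
        else:
            print(f"{label}: no prime in dump, key not recoverable")
```

The second case shows why a reboot, or a system that erases the memory when it is freed, defeats this kind of recovery: once the bytes are overwritten, no window divides the modulus.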

The WannaKey tool seems to be a promising option for Windows XP users infected by the ransomware, but its results on a larger scale remain to be seen.

However, if this tool works as advertised, it will keep hundreds and thousands of dollars from ending up in the hands of the attacker.
