WannaCry (also known as Wcry or Wanna) makes use of an exploit in older Windows operating systems code-named “Eternal Blue”. The ransomware takes advantage of this security flaw to infect a computer. Once infected, files on the computer’s hard drive are encrypted and a $300 ransom is demanded to be delivered to a Bitcoin address by a certain date. Failure to meet the first deadline for the ransomware results in an increase in the demand, and a secondary deadline purports to cut off any possibility of retrieving your files.
Since then, security researchers have been hard at work trying to hamstring or otherwise disable the ransomware. Two security researchers have created decryption tools that may be able to get around the encryption in certain situations.
WannaKey is the creation of Paris-based Adrien Guinet, a security researcher for Quarkslab. Wannacry’s encryption scheme depends on generating a private key and then deleting it from local memory, but it’s possible to retrieve the prime numbers used to generate this key in certain situations on systems running Windows XP using WannaKey. As long as the infected Windows XP machine has not yet been rebooted and the memory where the key is stored hasn’t been used by some other process, WannaKey should be able to retrieve the prime numbers used for key generation. The user must then make use of these numbers to calculate the private decryption key.
WanaKiwi is a more user-friendly tool that works on Windows XP, Windows 7, Windows Vista, Windows Server 2003, and Windows Server 2008 according to Comae Technologies founder Matt Suiche. Mr. Suiche has put together a guide with demos and instructions for using WanaKiwi. WanaKiwi requires a certain level of administrator access to function properly, so users on particularly locked-down accounts may not be able to make use of the tool.
Nonetheless, WannaKey and WannaKiwi are two potential solutions for the WannaCry ransomware. If you’re running Windows 8.1 or any operating system older than that, you should make sure that all critical security patches have been installed. Microsoft has released a guide instructing users what to do to defend against the malware and provided security patches that can be manually downloaded.
Have you or anyone you know been affected by WannaCry? Have you tried either WannaKey or WannaKiwi and have they successfully removed the ransomware from your computer? How his malware negatively impacted your life in any way? Let us know in the comments below!