WannaCry encryption creates two keys – “public” and “private” – that are based on prime numbers and are responsible for encrypting and decrypting the system’s files respectively.
However, WannaCry "does not erase the prime numbers from memory before freeing the associated memory," Guinet said, as cited by The Hacker News.
The aptly-named “WannaKey” tool is available for free here but only functions on computers running the Windows XP operating system.
I got to finish the full decryption process, but I confirm that, in this case, the private key can be recovered on an XP system #wannacry!! pic.twitter.com/QiB3Q1NYpS
— Adrien Guinet (@adriengnt) May 18, 2017
#WannaCry Ransomware Decryption Tool Released; Unlock Your Files Without Paying Ransom https://t.co/TZnU3sSxfb #security #wanakiwi pic.twitter.com/vJ3wmhDXaw
— The Hacker News (@TheHackersNews) May 19, 2017
Given the very specific way in which the tool works, it only functions if the infected computer has not been rebooted since the WannaCry infection and the associated memory has not been allocated and erased by another process.
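The recovery idea described above, as an added illustration that is not code from WannaKey or WanaKiwi: scan a memory dump for a value that divides the public modulus, then rebuild the private exponent from it. The little-endian layout, the 128-bit demo primes, the constructed dump and all function names are assumptions made for this example.

```python
# Added example: recover an RSA private exponent from a prime left in memory.
# Assumption: the prime is stored as a little-endian integer half the modulus length.
E = 65537
P = 2**127 - 1      # constructed demo key: two well-known 128-bit primes
Q = 2**128 - 159    # (real ransomware keys are far larger)
N = P * Q           # the public modulus, which the victim always has

def find_prime_in_dump(dump: bytes, modulus: int):
    """Slide over the dump; return (offset, p) for the first window dividing modulus."""
    plen = (modulus.bit_length() + 7) // 8 // 2
    for off in range(len(dump) - plen + 1):
        window = dump[off:off + plen]
        if window[-1] == 0 or window[0] & 1 == 0:
            continue  # not a full-length value, or even: cannot be the prime
        cand = int.from_bytes(window, "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None

def rebuild_private_exponent(p: int, modulus: int, e: int = E) -> int:
    """With one prime known, the other prime and the private exponent follow."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))

def make_dump(with_prime: bool) -> bytes:
    """Constructed 2 KiB 'process memory': filler, optionally with P at offset 1000."""
    buf = bytearray((i * 131 + 7) & 0xFF for i in range(2048))
    if with_prime:
        buf[1000:1016] = P.to_bytes(16, "little")
    return bytes(buf)

def recover(dump: bytes, modulus: int):
    hit = find_prime_in_dump(dump, modulus)
    if hit is None:
        return None  # memory was reused or the machine rebooted: nothing to find
    off, p = hit
    return off, p, rebuild_private_exponent(p, modulus)

if __name__ == "__main__":
    print("intact memory:     ", recover(make_dump(True), N))
    print("overwritten memory:", recover(make_dump(False), N))
```

The second call models the failure case from the paragraph above: once the freed region has been overwritten, no window divides the modulus and recovery is impossible.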
In yet another win for open source online collaboration by private cybersecurity firms and researchers, another tool with broader applications was quickly developed based on Guinet’s findings.
Benjamin Delpy developed the WanaKiwi tool, available for free download here, which simplifies the decryption process somewhat and is applicable to infected computers that run the Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.
Almost all WannaCry victims were running Windows 7 https://t.co/wEVgoyUmhV pic.twitter.com/bVw3LLk4Z9
— The Verge (@verge) May 19, 2017
Nearly all #WannaCry victims were running Windows 7, according to security firm @Kaspersky Lab https://t.co/q0qbVuU7YV pic.twitter.com/aJropxn7V2
— CNET (@CNET) May 19, 2017
While both WannaKey and WanaKiwi are limited in what they can accomplish for victims of the cyberattack that affected hundreds of thousands of computers across the globe, this can still be seen as a major win for open source counter-hacking.
#Wannacry decrypting files tested by @EC3Europol & found to recover data in some circumstances: https://t.co/E9j59j4p0c https://t.co/3n8hd4hrQi
— Europol (@Europol) May 19, 2017
#WannaCry #Ransomware Answers to your main questions & prevention advice: https://t.co/8xbDNrdeNt pic.twitter.com/f5tpBcTOBr
— Europol (@Europol) May 19, 2017