Free WannaCry decryption tools released online

The private cybersecurity industry has faced a series of unprecedented global crises so far in 2017, including WannaCry and Adylkuzz malware attacks. In the face of such rampant digital crime, a viable open source counter-hacking community is emerging.

Adrien Guinet, a French security researcher from Quarkslab, discovered a method for finding the ransomware’s decryption key.
WannaCry encryption creates two keys – “public” and “private” – that are based on prime numbers and are responsible for encrypting and decrypting the system’s files respectively.
However, WannaCry "does not erase the prime numbers from memory before freeing the associated memory," Guinet said, as cited by The Hacker News.
The aptly-named “WannaKey” tool is available for free here but only functions on computers running the Windows XP operating system.

I got to finish the full decryption process, but I confirm that, in this case, the private key can recovered on an XP system #wannacry!! pic.twitter.com/QiB3Q1NYpS

— Adrien Guinet (@adriengnt) May 18, 2017

#WannaCry Ransomware Decryption Tool Released; Unlock Your Files Without Paying Ransom https://t.co/TZnU3sSxfb #security #wanakiwi pic.twitter.com/vJ3wmhDXaw

— The Hacker News (@TheHackersNews) May 19, 2017

Given the very specific way in which the tool works, it only functions if the infected computer has not been rebooted since the WannaCry ransomware and the associated memory has not been allocated and erased by another process.
In yet another win for open source online collaboration by private cybersecurity firms and researchers, another tool was quickly developed based on Guinet’s findings that has broader applications.

Benjamin Delpy developed the WanaKiwi tool, available for free download here, which simplifies the decryption process somewhat and is applicable to infected computers that run the Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.

Almost all WannaCry victims were running Windows 7 https://t.co/wEVgoyUmhV pic.twitter.com/bVw3LLk4Z9

— The Verge (@verge) May 19, 2017

Nearly all #WannaCry victims were running Windows 7, according to security firm @Kaspersky Lab https://t.co/q0qbVuU7YV pic.twitter.com/aJropxn7V2

— CNET (@CNET) May 19, 2017

Comae Technologies founder and CEO Matt Suiche has also provided a series of blogs and demonstrations on how to use WanaKiwi to decrypt your files.

While both WannaKey and WanaKiwi are limited in what they can accomplish for victims of the cyberattack that affected hundreds of thousands of computers across the globe, this can still be seen as a major win for open source counter-hacking.

#Wannacry decrypting files tested by @EC3Europol & found to recover data in some circumstances: https://t.co/E9j59j4p0c https://t.co/3n8hd4hrQi

— Europol (@Europol) May 19, 2017

#WannaCry #Ransomware Answers to your main questions & prevention advice: https://t.co/8xbDNrdeNt pic.twitter.com/f5tpBcTOBr

— Europol (@Europol) May 19, 2017