It’s been a week since WannaCry terrorized over 300000 PCs across the world, with the malware gathering nearly $93000 in ransom money since then. The first deadline for the $300 Bitcoin blackmail threat has now passed, leaving thousands of people vulnerable to losing all their files.
It’s at this critical moment that a new fix called WanaKiwi has arrived to decrypt the ransomed files. Previously, all a person could do is either cough up the ransom or reset their computer. WanaKiwi offers a third option for data recovery and seems to be pretty simple to use.
However, WanaKiwi only works on Windows XP and Windows 7 PCs which haven’t been rebooted from the moment they got infected. That’s because the tool automatically seeks out prime numbers in a computer’s memory and those numbers might get overwritten if the device has been restarted.
WanaKiwi is ingenious in the sense that it doesn’t actually try to find the unlock key hidden in the memory after a PC has been struck, instead focusing on finding prime numbers, the base for encryption, to generate the key itself. It was worked on by two security researchers named Adrien Guinet and Benjamin Delpy.
Guinet initially released a fix called WannaKey that worked on Windows XP devices. Delpy then updated the recovery tool so that it worked with Windows 7 PCs as well. The majority of WannaCry victims were utilizing either of those operating systems, so the solution should help most people who’ve been affected or do get hit in the future.
You can download WanaKiwi here. Default settings should automatically kick in once you run it on an infected machine. It should also prevent WannaCry from locking up more files in the future.