Don’t cry for me: Free WannaCry decryption tools released online
The private cybersecurity industry has faced a series of unprecedented global crises so far in 2017, including WannaCry and Adylkuzz malware attacks. In the face of such rampant digital crime, a viable open source counter-hacking community is emerging.
Adrien Guinet, a French security researcher from Quarkslab, discovered a method for finding the ransomware’s decryption key.
WannaCry encryption creates two keys – “public” and “private” – that are based on prime numbers and are responsible for encrypting and decrypting the system’s files respectively.
However, WannaCry "does not erase the prime numbers from memory before freeing the associated memory," Guinet said, as cited by The Hacker News.
The aptly-named “WannaKey” tool is available for free here but only functions on computers running the Windows XP operating system.
I got to finish the full decryption process, but I confirm that, in this case, the private key can be recovered on an XP system #wannacry!! pic.twitter.com/QiB3Q1NYpS
— Adrien Guinet (@adriengnt) May 18, 2017
Given the very specific way in which the tool works, it only functions if the infected computer has not been rebooted since the WannaCry infection and the associated memory has not been allocated and erased by another process.
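The recovery idea described above, sketched as an added illustration (this is not WannaKey's source code): scan a memory image for a value that divides the public RSA modulus, then rebuild the private exponent from it. The little-endian layout, the 4-byte alignment, the shortened 64-bit primes and the helper names are assumptions made for the demo.

```python
# Added illustration, not code from WannaKey or WanaKiwi.
# Assumptions: the prime is stored as a little-endian integer at a 4-byte-aligned
# offset, and the key is shrunk to two 64-bit primes so the demo runs instantly.

def find_prime_factor(dump, n, prime_len, step=4):
    """Slide a window over the dump; return (offset, p) for the first value dividing n."""
    for off in range(0, len(dump) - prime_len + 1, step):
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None  # prime not present: memory was reused or the machine was rebooted

def rebuild_private_exponent(n, e, p):
    """With one prime known, the other prime and the private exponent follow."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

# Constructed sample key material (stand-ins for the real key's primes).
P = 2**61 - 1
Q = 2**64 - 59
N, E = P * Q, 65537

def make_dump(prime, offset=128, size=512):
    """Constructed 'process memory': patterned filler with the prime left behind."""
    buf = bytearray((i * 37 + 11) % 256 for i in range(size))
    buf[offset:offset + 8] = prime.to_bytes(8, "little")
    return bytes(buf)

if __name__ == "__main__":
    dump = make_dump(P)
    offset, prime = find_prime_factor(dump, N, 8)
    d = rebuild_private_exponent(N, E, prime)
    secret = 424242
    print("prime found at offset", offset)
    print("round trip ok:", pow(pow(secret, E, N), d, N) == secret)

    # The same scan after another allocation has overwritten the freed region.
    reused = bytearray(dump)
    reused[128:136] = bytes(8)
    print("after reuse:", find_prime_factor(bytes(reused), N, 8))
```

The last call returns nothing, which is the failure case the article describes: once the freed memory has been reallocated and overwritten, there is no prime left to find.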
In yet another win for open source online collaboration by private cybersecurity firms and researchers, a second tool with broader applications was quickly developed based on Guinet’s findings.
#WannaCry #FRENCHMAFIA @benkow_ @adriengnt @gentilkiwi @msuiche are like the 4 ninja turtles!
— Mohamed Saher (@halsten) May 19, 2017
Benjamin Delpy developed the WanaKiwi tool, available for free download here, which simplifies the decryption process somewhat and is applicable to infected computers that run the Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.
Comae Technologies founder and CEO Matt Suiche has also provided a series of blogs and demonstrations on how to use WanaKiwi to decrypt your files.
#Wannacry decrypting files tested by @EC3Europol & found to recover data in some circumstances: https://t.co/E9j59j4p0c https://t.co/3n8hd4hrQi
— Europol (@Europol) May 19, 2017
While both WannaKey and WanaKiwi are limited in what they can accomplish for victims of the cyberattack that affected hundreds of thousands of computers across the globe, this can still be seen as a major win for open source counter-hacking.