WannaCry ransom
The WannaCry pop-up ransom message that appears when systems are infectedScreengrab/Cyphort

A week after the lethal ransomware WannaCry struck thousands of computers across the globe, researchers have combined their efforts to produce a decryption tool, which Europol has confirmed worked as a successful decryptor in many cases.

IBTimes UK earlier reported how French cybersecurity researcher Adrien Guinet, from Quarkslab, released a decrypting tool that allowed only Windows XP users to recover their data. Guinet's work was advanced by internationally acclaimed ethical hacker Benjamin Delpy who exploited the shortcomings of WannaCry and used it to create a tool called WanaKiwi that produces a decryption key for Windows XP, 7, 2003, 2008 and possibly Vista.

How it works

While WannaKey extracted prime numbers that had not been erased from the system and were vital to the decryption key, it required a separate app to transform those bits into the secret key. WanaKiwi scours the memory of the infected systems, extracts the p and q variables the secret key was based on, and reassembles the finished key all by itself. The tool then uses the key to decrypt all files locked by the WannaCry ransomware.

French ethical hacker and co-founder of CloudVolumes, Matt Suiche confirmed that WanaKiwi has been tested and shown to work on Windows 7 and older Windows versions like XP, 2003 and more. Europol also tweeted confirming they were able to use the tool for decryption.

How to decrypt your files using WanaKiwi

  • It is imperative that you do not switch off your computer after it is infected by the ransomware for this tool to work. Those who already have can try the method but are less likely to succeed
  • Download WanaKiwi from here
  • Earlier for WannaKey, users needed to search the 00000000.pky file using the Task Manager but Wanakiwi will automatically locate the file and start the process
  • The settings of the application have been set in default, so no changes need to be made
  • In case you have a problem running the tool or find any other issue make sure to tweet to Delpy as he may be able to resolve it

While users are advised to try out the decryption tool on their infected systems, there may be more ransomware attacks on its way with researchers having discovered new strains of malware similar to WannaCry. To stay fully protected those who have not been infected should immediately upgrade their Windows system by following Microsoft's advisory given in detail here.