A development in the WannaCry ransomware scene that is nothing short of astonishing as security researchers have found a way to decrypt the files encrypted by the ransomware without paying a single penny.
According to security researcher Adrien Guinet who works at Quarkslab, WannaCry ransomware encrypts files on a computer by relying on public-private key pairs. To create the key pairs, the ransomware uses prime numbers to generate a “public” key and a “private” key for encryption and decryption of the system files.
The real work by Guinet however is his finding that the ransomware doesn’t erase the prime numbers that it users to generate the key pair from memory before freeing the associated memory and this leaves an opportunity to retrieve the prime numbers and hence generate the private key for decryption.
The researcher was able to create a WannaCry ransomware decryption tool, which he has aptly named WannaKey. The tool basically tries to retrieve the two prime numbers used in the formula to generate encryption keys. While the development is awesome, there is one limitation as the tool will only work on systems that haven’t been rebooted after the attack or on systems with associated memory that hasn’t been allocated and erased by user or by some other process.
The WannaKey decryption tool has been made available for all Windows operating systems including Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008.
This is not the only tool that is currently available. According to reports, another tool called “WanaKiwi” has also been released and the security researcher who has released the tool is Benjamin Delpy. The researcher claims that the tool can decrypt files encrypted by WannaCry ransomware files and the underlying idea is the same as implemented by Guinet.
WannaCry garnered headlines after it managed to affect hundreds of thousands of systems globally. The cyberattack affected computer networks in over 150 countries including Britain, Spain, Japan, Indonesia, Taiwan to name a few. According to reports, it has infected over 300,000 computers in the world, and this is widely seen as the biggest cyberattack in the world.
If you still haven’t been infected by WannaCry ransomware despite having no security software installed on your system, now is the time to install one [huge discount on Amazon] as you might not be safe for long considering the rate at which the ransomware is spreading around the world. Read More
Leave a Reply