Windows XP users get free Wannakey tool to help erase Wannacry ransomware

All those users using Microsoft Windows XP systems with infected Wannacry ransomware can now breathe a sigh of relief. Reason, a new tool capable of decrypting the Wanna cry Virus encrypted files is now available as an open source. However, the new tool figured out by French security researcher Adrien Guinet comes with a caveat.

As per the sources reporting to our Cybersecurity Insiders, the said Wanna cry aka Wcry virus can only be erased if the infected weren’t rebooted after the cyber attack. Means, only those machines can be brought back to life which was left untouched after a cyber attack and which weren’t rebooted.

The only other advice which is available as of now to come out of the Wcry trouble is to pay a ransom of $300 in bitcoins to hackers. But there is no guarantee that the hackers will hand over you the decryption key after receiving the payment or there is a high probability that they demand more.

Technically speaking, the Wannakey works only when the system isn’t rebooted after getting infected with ransomware. It actually searches for the prime numbers of the private key in wcry.exe and then generated a wanna cry private key which will remain in memory until a reboot occurs.

The recovery technique doesn’t work in Windows 10 as the said operating system erases the memory while XP doesn’t.

Presently, the tool works only for users whose XP machines were infected. But if the researchers make a similar tool available for Windows 7 users, then it can show a bigger impact on sites operated by UK’s NHS hospitals that were hit hard by the recent ransomware attack.

Note- The ransomware attack which was launched last week by hackers from North Korea infected more than 200,000 operating across 150 nations. According to the media sources, hackers got hold of the hacking tool from a Windows exploits called Eternal Blue which was exposed to the world by United States NSA in April this year.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display