Security Researcher Releases Free WannaCry Decryption Tool

The WannaCry ransomware – born out of an NSA hacking tool for Windows systems – caused havoc earlier this month. Business computer systems – the highest profile victims being the UK NHS – fell prey to the malicious software. Microsoft was even forced to release emergency fixes for the outdated Windows XP (though maybe later than it should have). Now, to the relief of those infected, a security researcher has released a free WannaCry decryption tool.

WannaCry Decryption Tool

The tool, developed by Adrien Guinet of Finnish cybersecurity firm Quarkslab, is designed to unlock Windows XP PCs infected by WannaCry. The program, dubbed WannaKey, can recover the prime numbers WannaCry uses to generate a private key.

How WannaKey Works

Guinet says:

“This software allows you to recover the prime numbers of the RSA private key that are used by WannaCry.

It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext do not erase the prime numbers from memory before freeing the associated memory.

This is not really a mistake from the ransomware authors, as they properly use the Windows Crypto API. Indeed, for what I’ve tested, under Windows 10, CryptReleaseContext does clean up the memory (and so this recovery technique won’t work). It can work under Windows XP because, in this version, CryptReleaseContext does not do the cleanup. Moreover, MSDN states this, for this function: ‘After this function is called, the released CSP handle is no longer valid. This function does not destroy key containers or key pairs.’ So, it seems that there are no clean and cross-platform ways under Windows to clean this memory.”

The above method, though, does rely on the associated memory remaining unallocated for other tasks. A rebooted system is, unfortunately, unrecoverable using WannaKey.
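
The search Guinet describes can be sketched as follows; this is an added example, not WannaKey's own code. It assumes the primes sit in memory as little-endian integers on 4-byte boundaries and that a candidate is confirmed by checking that it divides the public modulus; the key (small 256-bit primes) and the "heap" buffers are constructed sample data.

```python
import random

def is_probable_prime(n, rng, rounds=24):  # Miller-Rabin, only used to build the sample key
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c, rng):
            return c

def find_prime_in_memory(memory, modulus, align=4):
    """Return (offset, p, q) for the first window that divides the modulus, else None."""
    plen = (modulus.bit_length() + 7) // 8 // 2  # each prime is half the modulus size
    for off in range(0, len(memory) - plen + 1, align):
        cand = int.from_bytes(memory[off:off + plen], "little")  # assumed byte order
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand, modulus // cand
    return None

def build_sample(seed=1, bits=256):
    """Constructed data: a public modulus and a fake freed heap that still holds p."""
    rng = random.Random(seed)
    p, q = random_prime(bits, rng), random_prime(bits, rng)
    plen = bits // 8
    heap = bytearray(rng.getrandbits(8) for _ in range(4096))
    heap[1024:1024 + plen] = p.to_bytes(plen, "little")  # prime left behind after free
    reused = bytearray(heap)
    reused[1024:1024 + plen] = bytes(plen)  # same block later reallocated and overwritten
    return p * q, bytes(heap), bytes(reused)

if __name__ == "__main__":
    n, heap, reused = build_sample()
    print(find_prime_in_memory(heap, n), find_prime_in_memory(reused, n))
```

The second buffer models the limitation noted above: once the freed block has been reused, the scan returns nothing and the key cannot be rebuilt.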

WannaKey is available for free from Guinet’s GitHub page.

Ashley Allen
