If you were one of those whose PCs got infected by the WannaCry ransomware last week, there’s some hope in the horizon. Researchers have now showed that a broader range of PCs infected by WannaCry can be unlocked without owners making the $300 to $600 payment demand.
A new publicly available tool is able to decrypt infected PCs running Windows XP and 7, and 2003, and one of the researchers behind the decryptor said it likely works for other Windows versions, including Vista, Server 2008, and 2008 R2. The tool, known as wanakiwi, builds off a key discovery implemented in a different tool that was released on Thursday.
Called Wannakey, the previous tool provided the means to extract material from infected Windows XP PCs but required a separate app to transform those bits into the secret key required to decrypt files. Matt Suiche, cofounder of security firm Comae Technologies, helped develop and test wanakiwi and reports that it works.
Like Wannakey, wanakiwi takes advantage of shortcomings in the Microsoft Crytographic Application Programming Interface that WannaCry and other Windows applications use to generate keys for encrypting and decrypting files. While the interface includes functions for erasing a key from computer memory once it has been secured, previously overlooked limitations sometimes allow the prime numbers used to create a key to remain intact in computer memory. Those numbers can then be recovered as long as PCs remain powered on and the memory location storing the numbers isn’t overwritten with new data.
