Developer creates WannaCry decryptor for Windows XP

Spread the love

A French security researcher has developed software that allows Windows XP users to decrypt the WannaCry ransomware. There are, however, some limitations in terms of usability.

Security researcher Adrien Guinet from Quarkslab discovered that the prime numbers that WannaCry uses to generate the rsa key are retrievable in memory. WannaCry uses this key to encrypt files. Guinet developed the WannaKey tool to extract prime numbers from memory so that users can unencrypt without paying.

However, the effect is limited. For example, WannaKey only works with Windows XP. With the other vulnerable Windows versions, WannaCry cleans up the prime numbers from memory neatly. The tool does not seem to work in all circumstances. For example, Matt Suiche, security researcher at Comae Technologies, didn’t get the tool working.

Furthermore, Guinet itself emphasizes that systems should not have had a reboot and that users should be lucky that the memory has not been reallocated or wiped for other reasons. The biggest obstacle to actual deployment at the moment is that the WannaCry attack has not hit Windows XP systems so far struck. The ransomware does run on XP, but the worm did not target the OS. WannaKey could be of service in the event of possible attacks in the future.

You might also like
Exit mobile version