WannaCrypt rescue without paying – if you’re lucky

There’s now a way to recover files locked up by WannaCrypt ransomware without paying the attackers a thing, but there are some catches.

Adrien Guinet at Quarkslab has developed Wcry, decryption code for WannaCrypt. At the time of writing it only works for Windows XP computers and, even then, it needs a bit of luck.

Windows XP plus some luck

Wcry takes advantage of a security lapse in Windows XP which can leave in memory the prime numbers used in the encryption. If the computer hasn’t been rebooted and no other program has used that memory location, Wcry can recover the primes and work out the decryption code.
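The sketch below illustrates the recovery idea just described and why overwritten memory defeats it. It is an added example, not code from Wcry. It assumes the primes are the two factors of an RSA public modulus the victim still holds and that they sit in memory as little-endian integers, neither of which is stated on this page; all names and the toy key are constructed.

```python
# Added illustration, not code from the Wcry tool. Assumes RSA and a
# little-endian in-memory layout; every value below is constructed.

def find_leftover_prime(memory, modulus):
    """Slide a prime-sized window over a memory image.

    Returns (offset, prime) for the first window whose value divides the
    public modulus, or None if no prime survived in this image.
    """
    prime_len = (modulus.bit_length() + 7) // 8 // 2  # each prime is half the modulus
    for offset in range(len(memory) - prime_len + 1):
        candidate = int.from_bytes(memory[offset:offset + prime_len], "little")
        if 1 < candidate < modulus and modulus % candidate == 0:
            return offset, candidate
    return None

def rebuild_private_exponent(prime, modulus, public_exponent=65537):
    """One recovered prime is enough: the other is modulus // prime."""
    other = modulus // prime
    return pow(public_exponent, -1, (prime - 1) * (other - 1))

# Constructed toy key (real keys are far larger): two well-known primes.
P = 2**61 - 1
Q = 2**64 - 59
N = P * Q
E = 65537

# Constructed memory images: the prime still intact, and the same region
# after another program has overwritten one byte of it.
FILLER = bytes(range(1, 38))
INTACT = FILLER + P.to_bytes(8, "little") + FILLER
OVERWRITTEN = INTACT[:40] + b"\x00" + INTACT[41:]

def demo():
    """Recover the key from INTACT and check that it decrypts a test value."""
    hit = find_leftover_prime(INTACT, N)
    if hit is None:
        return None
    offset, prime = hit
    d = rebuild_private_exponent(prime, N, E)
    secret = 0x1234567890ABCDEF
    ciphertext = pow(secret, E, N)
    return offset, pow(ciphertext, d, N) == secret

if __name__ == "__main__":
    print("intact image:", demo())
    print("overwritten image:", find_leftover_prime(OVERWRITTEN, N))
```

A single changed byte in the prime is enough to make the search come back empty, which is why the machine must not be rebooted or used further before recovery is attempted.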

The code is up on Github so other coders can copy and improve on it.

Some ransomware attacks, but not all, can be unlocked for free using similar tools. There’s no guarantee that there’ll be a similar tool if you’re a ransomware victim, but it’s worth checking before paying over any money.

