WannaCry ransomware is now one of the most widespread cyber threats in the world. Till date, it has managed to infect more than 230,000 computers which include several government offices and renowned institutions. Security experts have just come up with an easy fix which can decrypt a WannaCry Infected PC. Named as WannaKiwi, it works exclusively for computers running Windows XP and 7. It will certainly restore PCs which haven’t been rebooted after infection.
WannaKiwi is developed by Benjamin Delpy, a security researcher. The working technique of this fix is rooted within the core foundation of WannaCry. The first thing WannaKiwi does after installation is a search for prime numbers in the hard drive. This is where WannaCry leaves the signs of its decryption key just after finishing a fresh encryption process.
However, with time, these remnants get overwritten, making it impossible for WannaKiwi to retrieve the unlock key. Rebooting your WannaCry-infected computer is the worst possible thing you should do as it clears off those remnants almost instantly.
The WannaKiwi is the upgraded version of Adrien Guinet’s wannakey, which could only restore WannaCry infected computers running Windows XP. The wannakey was the first to feature the ingenious idea of searching for prime numbers. This is a lot easier than finding the actual key. Compiling the decryption password from the prime numbers is not at all a big deal.
For starters, WannaCry is the biggest ever ransomware outbreak in the planet. After its first attack on May 12, 2017, the virus has rapidly spread to more than 150 countries and over 230,000 computers. WannaCry is mainly infecting Windows XP and Windows 7 PCs, whereas the Windows 10 is immune to it.
Microsoft had already issued an update for Windows 7 beforehand in March to prevent this kind of ransomware attack. However, most of the Windows 7 users did not install the update. The majority of them consist of various private and government offices.
WannaCry is built upon the ExternalBlue exploit developed by USA’s National Security Agency (NSA). The virus mainly spreads through email phishing. Similar to any other ransomware, WannaCry encrypts the important data in your computer and then ask money to unlock them.
The newest threat asks for $300 (Rs. 19,337 approx.) for the first 3 days after infection. If you cross this deadline, WannaCry will demand $600 (Rs. 38,675 approx.), which you can pay until the 7th day, after which, the ransomware will delete all of your data. Unsurprisingly, WannaCry only accepts Bitcoin as the mode of payment.
Do note that even if you pay the demanded amount, WannaCry will install the DoublePulsar backdoor in your system. With it, the makers of WannaCry can ask for more money whenever it wishes. Fortunately, WannaKiwi fixes this vulnerability too.
We recommend all our readers to install the latest updates to their Windows PCs immediately. Numerous ransomware has been developed by copying the code of WannaCry, which itself is constantly developing to keep up with the various antivirus programs and cyber security agencies.
Visit here to download WannaKiwi and follow the instructions to successfully restore your WannaCry infected computer.