New Tool Could Liberate PCs Infected With WannaCry It replicates the ransomware's encryption key, but it will only work if you haven't rebooted your computer since it became infected.
By Tom Brant
This story originally appeared on PCMag
Have a computer infected by WannaCry ransomware? If you haven't touched it since the dreaded ransom notice popped up on the screen, there may be a way to free your captive files without paying.
The new fix, developed by French security researchers, only works if your computer hasn't been rebooted since becoming infected with WannaCry. It's called Wanakiwi, and it attempts to replicate WannaCry's encryption key by sniffing out prime numbers -- the building blocks of the widely used RSA encryption method -- that are stored in the ransomware's code. In theory, it's quite simple to use.
"You just need to download the tool and run it on the infected machine," security researcher Matthew Suiche wrote in a blog post on Thursday. "Default settings should work."
Wanakiwi is available on Github. Once you've downloaded it and clicked on the wanakiwi.exe executable file, it will automatically begin looking for the prime numbers. But in order for it to find the numbers, Suiche said, you have to "cross fingers that your prime numbers haven't been overwritten," which would happen if you tried to restart your computer at any time after it was infected.
The Wanakiwi tool has been tested to work with Windows XP and Windows 7, which means it should also work with the intervening versions of Windows, Suiche said. Windows 10 is not affected by WannaCry.
Of course, you may be just as concerned about downloading unknown software from Github as you are about WannaCry itself. While PCMag has not tested Wanakiwi because we don't have any computers infected with WannaCry, Europol announced in a tweet on Thursday that its cybercrime law enforcement division tested it and found that the tool could "recover data in some circumstances."
Meanwhile, if your computer hasn't been compromised by WannaCry, you've got little reason to fear a future infection, assuming you download and install a patch that Microsoft released in March to address the vulnerability that the ransomware targets.
