Computers around the world started to fall prey to a ransomware attack called WannaCry last week, before the spread of the malware was at least temporarily halted. The malware makes use of a security vulnerability in older versions of Windows that was first discovered by the US National Security Agency and later released by a group called Shadow Brokers.
While Microsoft has released security updates that should help protect your computer, what do you do if your PC contracts the WannaCry virus before you can update?
For a while it looked like you had two choices: pay a ransom to unlock your data or give up. But now there’s a third option: security researchers have found a way to decrypt data on infected PCs without paying the ransom. But it won’t necessarily work for everyone.
The main thing you need to know? Act quickly and don’t reboot your PC if it becomes infected with WannaCry.
Two tools have been released so far that may be able to decrypt your data. But they both do this by searching for a prime number written to your computer’s memory in order to calculate the key needed to unlock your data.
If you reboot your PC, the prime number will be erased from memory and you’re out of luck. But the number could also be overwritten if you simply wait too long. So the key is to find the latest security tool available and try to run it.
Right now it looks like the best option if you’re running Windows XP through Windows 7 is an open source application called Wanakiwi.
Just download, unzip, and run the application on an infected PC and it will do its best to unlock your data.
Wanakiwi uses the same method for calculating a key that an earlier tool called Wannakey utilizes, but while Wannakey has only been tested on Windows XP, Wanakiwi has been tested on newer versions of Windows.
Wannakey was developed by Adrien Guinet, while Benjamin Delpy developed Wanakiwi.
Want to know more? Comae.io has the best explanation I’ve seen so far about how the new tools work.
via Wired, FOSSBytes, and Ars Technica