There’s a ransom-free fix for WannaCrypt. Oh snap, you’ve rebooted your XP box
Windows XP PCs infected by WannaCrypt can be decrypted without paying ransom by using a new utility dubbed Wannakey.
Wannakey offers in-memory key recovery for Win XP machines infected by the infamous ransomware strain. The fix can be used to dump encryption keys from memory. This RSA private key, once recovered, can be used to restore encrypted files on infected computers.
Caveats and limitations apply. Compromised machines must not have been rebooted after being infected, otherwise the crucial keys will already have been discarded from volatile memory. That’s quite a big ask a week after the devastating WannaCrypt outbreak, especially since initial advice centred on turning off machines to stop the further spread of infection across corporate networks.
The Wannakey tool, put together by security researcher Adrien Guinet and released on Thursday, appears promising but is yet to be independently tested. Windows XP is, of course, the antithesis of a strong and stable operating system even when it doesn’t have a malware infection. So whether it’ll work for victims of WannaCrypt before their system crashes has to be doubtful.
The developer readily acknowledges these limitations. “This software has only been tested and known to work under Windows XP. In order to work, your computer must not have been rebooted after being infected,” Guinet writes. “Please also note that you need some luck for this to work, and so it might not work in every cases.” ®