Earlier, it was a researcher who accidentally created a kill switch for the ransomware. Now, another researcher named Adrien Guinet has found a cure to fix a computer encrypted by the ransomware. He didn’t land up on the method accidentally and his fix only works for machines running Windows XP, still, it’s a relief.
Guinet was able to crack the encryption in his lab by finding the prime numbers that constitute the RSA private key used by WannaCry ransomware.
— Adrien Guinet (@adriengnt) May 18, 2017
But you should be lucky enough, why?
The researcher has uploaded the tool which he calls WannaKey on his GitHub repo. There, he also explains the process he followed to gain access to the private keys.
“In order to work, your computer must not have been rebooted after being infected,” he writes on GitHub. “Please also note that you need some luck for this to work and so it might not work in every cases!”
Guinet says when the WannaCry ransomware infects a computer and encrypts it, the private keys are stored in the memory and are often left undeleted. This is where a person’s luck comes into the picture, he should hope that the associated memory isn’t reallocated and erased so that the prime numbers belonging to the key can be recovered.
The fact that Guinet has open sourced the tool might help other researchers to come up with a solution for other Windows versions. Wannakey as a fix for Windows XP might not be much useful. Various security researchers have noted that the worm that spread the ransomware didn’t infect Windows XP machines.
If you have something to add, drop your thoughts and feedback.