There’s an easy fix for WannaCry, if you haven’t rebooted yet
There’s a glimmer of hope for a specific subset of victims in the WannaCry hack. Security researchers have released a fix that gets rid of the ransomware and restores a device’s files, though it only works on Windows XP to Windows 7, and only on computers that have not been rebooted since the infection.
The fix is called wanakiwi and it comes from security researcher Benjamin Delpy. The program scours a computer’s memory for prime numbers, the foundation of encryption, and then uses those to generate unlock keys for the encrypted files. (Restarting the computer could erase these prime numbers.) This ingenious little tool is based on Adrien Guinet’s wannakey, which was designed to recover Windows XP keys.
WannaCry is the largest ransomware attack in history, and it isn’t over yet. It was unleashed on 300,000 computers in more than 150 countries on May 12th, briefly locking down the United Kingdom’s National Health Service and thousands of other major institutions around the globe. The ransomware demands $300 (in bitcoin) to restore the infected device’s files, and it gives victims one week to pay. Today, the first deadlines are up.
WannaCry infects computers running outdated versions of Windows — Microsoft released a patch for the exploit in March, but that doesn’t protect people or businesses who don’t automatically update, or anyone using pirated software.
Hackers lifted the program from the National Security Agency, which originally called the vulnerability “Eternalblue.” A group named The Shadow Brokers claims to have stolen hacking secrets from the NSA and has been publishing these tools online.
Copycat hacks have been popping up since WannaCry went live, and the program itself is evolving as security firms attempt to block it.