WannaCrypt or WannaCry Ransomware Decryptors for Windows XP, 7 and Windows 8

Looking for WannaCry and WannaCrypt Ransomware Decryptors for your Windows XP, Windows 7 and Windows 8 machine? Actually, we have two decryption tools available to decrypt files.

WannaCrypt or WannaCry Ransomware Decryptors for windows

Adrien Guinet, a popular french security research has discovered a way that let you decrypt WannCrypt Ransomware or WannaCry Ransomware encrypted files by recovering the encryption key employed by the WannCrypt ransomware. The tool is tested on Windows XP and is working flawlessly and it is highly expected that the same tool may also work for Windows 8, Windows 7, and Windows Vista. Bad luck for Windows 10 users as this tool will not work on Windows 10.

For those who’re not aware of WannaCrypt Ransomware a.k.a WanaCrypt0r, WannaCry or Wcrypt is a ransomware which aims Windows OS like Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10. It was first spotted on 12th May 2017. The same ransomware that infected more than 230,000 PC running Windows operating system in more than 150 countries.

To decrypt WannaCry and WannaCrypt Ransomware encrypted files you can take help of two decryption tools named as WannaKey and WanaKiwi. Both the tools will decrypt the encrypted files by reclaiming the encryption key utilized by the ransomware.

WannaCry Ransomware Decryptor Tool

The tool looks for the RSA private keys utilized by Wanncrypt ransomware in the wcry.exe process. It is the same process that creates RSA private key. One of the main issues associated with ransomware is that it doesn’t clear the prime numbers from the memory before clearing the linked memory.

But there is one thing which you need to consider in mind, the tool will only work if you have not rebooted your Windows PC after getting infected and is the linked memory hasn’t allotted to some other process.

According to Adrien Guinet,

This is not really a mistake from the ransomware authors, as they properly use the Windows Crypto API. Indeed, for what I’ve tested, under Windows 10, CryptReleaseContext does clean up the memory (and so this recovery technique won’t work). It can work under Windows XP because, in this version, CryptReleaseContext does not do the cleanup.

So you can take help of this tool to decrypt your files.

Alternatively, you can also use WanaKiwi, it is another Ransomware Decryptors based on Adrien’s finding. You can download WanaKiwi from Github.

According to Benjamin Delpy,

WanaKiwi also recreates the .dky files expect from the ransomware by the attackers, which makes it compatible with the ransomware itself too. This also prevents the WannaCry to encrypt further files.

The above tool is also tested on both Windows XP and Windows 7 which confirmed that it will work on all the version of Windows between Windows XP and Windows 7 accompanied with Windows Vista, Windows 2003, Windows 2008 and 2008 R2. you can read more about this here.

You can check the following video:

That’s it!

Why don’t you give a try to these two WannaCrypt or WannaCry Ransomware Decryptors and let me know your thoughts in the comments?

Leave a Reply

Your email address will not be published. Required fields are marked *