There's a WannaCry fix now, with some caveats

If you've been hit with the global ransomware, you may have some good luck for a change.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

French researchers released WanaKiwi, a possible solution for WannaCry victims.

Comae Technologies

As the WannaCry deadline looms and hundreds of thousands of people risk losing important files encrypted by malware, a last-minute fix has arrived.

Cybersecurity researchers on Thursday released a key to help decrypt files that have been locked away by WannaCry. The ransomware struck last Friday, ensnaring more than 300,000 computers around the world and netting more than $93,000 since then.

With ransomware, victims tend to be limited in their options: Either pay up or accept that you've lost your files. In some cases, organizations like No More Ransom create repositories of keys that help people free their files.

Now comes WanaKiwi, the first instance of a possible savior for those hit by the global ransomware attack. The fix is for a very specific set of victims: people on versions from Windows XP to Windows 7 who haven't rebooted their infected computers.

So if you've rebooted since your computer was hit by WannaCry, you might be out of luck. For the few who haven't, here's how the fix works. (Note: CNET has not tested this solution, since we don't have a computer infected with WannaCry.)

First, there's the similarly named WannaKey tool, from Quarkslab researcher Adrien Guinet, which does an RSA key recovery on Windows XP devices and generates a decryption code from the computer's memory. When WannaCry hits computers, it generates an unlock key, which stays hidden in the memory until the PC's been rebooted.

French researcher Benjamin Delpy updated that key with WanaKiwi so it could work on Windows 7 devices, too. You can download the key through Delpy's GitHub page.

Once you run the program, it automatically searches for prime numbers in your computer's memory -- the building blocks behind encryption. If you've rebooted since becoming infected, it's possible those prime numbers have been lost.

If you haven't, WanaKiwi should be able to retrieve the keys and fix your encrypted files. It's supposed to also prevent the ransomware from encrypting more files in the future.
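The memory search described above comes down to testing byte windows from a memory snapshot against the public RSA modulus until one divides it. The following Python is an added example, not WanaKiwi's or WannaKey's code; the 16-byte primes, the little-endian layout, the snapshot contents and all function names are constructed assumptions for illustration.

```python
# Added illustration: recover an RSA private key from a memory snapshot by
# finding a byte window that is a prime factor of the public modulus.

def find_factor(memory: bytes, modulus: int, prime_len: int):
    """Return (offset, p) for the first window that divides modulus, else None."""
    for off in range(len(memory) - prime_len + 1):
        window = memory[off:off + prime_len]
        if not window[0] & 1:      # little-endian: low byte first; odd primes only
            continue
        cand = int.from_bytes(window, "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None

def recover_private_key(memory: bytes, modulus: int, e: int = 65537):
    """Rebuild (offset, p, q, d) from leftover prime bytes, or None if they are gone."""
    prime_len = (modulus.bit_length() + 15) // 16   # a factor is half the modulus, in bytes
    hit = find_factor(memory, modulus, prime_len)
    if hit is None:
        return None                # e.g. memory was cleared by a reboot
    off, p = hit
    q = modulus // p
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return off, p, q, d

# Constructed demo values (not real WannaCry key material): two known primes.
P = 2**127 - 1
Q = 2**128 - 159
N = P * Q                          # the public modulus the victim still has
# Constructed snapshot: unrelated bytes with P left behind at offset 200.
SNAPSHOT = bytes(range(200)) + P.to_bytes(16, "little") + bytes(range(100))
WIPED = bytes(len(SNAPSHOT))       # constructed: same region after a reboot

if __name__ == "__main__":
    print(recover_private_key(SNAPSHOT, N))
    print(recover_private_key(WIPED, N))
```
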

The fix comes as WannaCry continues to infect computers, with copycats and variations of the ransomware popping up. That means freshly infected victims could be in the market for something like WanaKiwi.