A developer has released a tool to fight the WannaCry ransomware, which started affecting PCs worldwide last Friday and has helped hackers gain control over 300,000 systems. The tool can potentially reverse the effects of the ransomware and free files on a system.
The WannaKey software will allow users hit by the WannaCry ransomware and running Windows XP on their PC to get rid of the malicious encryptor and access their files again.
According to a report in the Financial Times, Microsoft failed to provide the update fixing the vulnerability for free to Windows XP users.
“This software has only been tested and known to work under Windows XP. In order to work, your computer must not have been rebooted after being infected. You need some luck for this to work and so it might not work in every case,” Adrien Guinet, the tool author, warns.
The software recovers the prime numbers of the RSA private key used by WannaCry. Once recovered, these prime numbers can be used to restore the files encrypted by the ransomware on infected computers.
This technique, however, doesn’t work on other Windows versions such as 10, 8 or 7, because the prime numbers are erased when ‘CryptReleaseContext’ is triggered and the associated memory is freed.
On Windows XP, however, that call doesn’t clean up the memory, which enables the WannaKey software to recover the primes and, with them, the files on the PC.
The tool author points out that the ransomware attackers used the Windows Crypto API properly, and that this anomaly seems to be exclusive to Windows XP.
“If you’re lucky, that is if the associated memory hasn’t been reallocated and erased, then these prime numbers might still be in the memory,” the tool author adds.
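The recovery idea described above, as an added example that is not WannaKey's own code: slide a prime-sized window over a memory image, keep the first value that divides the public RSA modulus, and rebuild the private exponent from it. The toy-sized key, the dump layout and every function name are constructed for illustration, and little-endian storage of the prime is an assumption of this sketch.

```python
import random

# Constructed toy key: two known primes that each fit in 8 bytes.
# A real RSA-2048 key would need a 128-byte window instead.
P = 2**64 - 59
Q = 2**61 - 1
N = P * Q          # public modulus, known to the defender
E = 65537          # public exponent
PRIME_LEN = 8

def build_dump(prime, offset, size=4096, seed=1):
    """Constructed stand-in for process memory: random filler with one
    prime left behind at `offset` (little-endian, an assumption here)."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + PRIME_LEN] = prime.to_bytes(PRIME_LEN, "little")
    return bytes(buf)

def find_prime(dump, modulus, prime_len):
    """Return (offset, p) for the first window dividing the modulus, else None."""
    for off in range(len(dump) - prime_len + 1):
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        # Skip 0 and 1: they are not factors worth reporting.
        if cand > 1 and modulus % cand == 0:
            return off, cand
    return None

def rebuild_private_exponent(p, modulus, e):
    """Derive q from the modulus, then d = e^-1 mod (p-1)(q-1)."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))

def recover(dump, modulus, e, prime_len):
    """Full recovery attempt; None means the prime is no longer in memory."""
    hit = find_prime(dump, modulus, prime_len)
    if hit is None:
        return None
    return rebuild_private_exponent(hit[1], modulus, e)

if __name__ == "__main__":
    d = recover(build_dump(P, 1337), N, E, PRIME_LEN)
    msg = 0x1234
    print("round trip ok:", pow(pow(msg, E, N), d, N) == msg)
    # A zeroed buffer models memory that was wiped or reallocated.
    print("after wipe:", recover(bytes(4096), N, E, PRIME_LEN))
```

The zeroed-buffer case returns nothing, which mirrors why a reboot or memory reuse defeats the recovery.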