It's been a week since the massive WannaCry ransomware attack spread to hundreds of thousands of computers around the globe, but now there's a fix for at least some of those impacted.
The catch? It only works on computers running Windows XP through Windows 7 who haven't rebooted their computers since the infection (via CNET).
Called WanaKiwi, the fix was put together by security researcher Benjamin Delpy and is available on Github.
Once initiated, WanaKiwi searches through your computer's memory for the prime numbers used as a basis for the encryption.
From there, WanaKiwi generates a decryption key using the prime numbers it retrieved, allowing you to recover your files. The method is based on an earlier tool called WannaKey, developed by researcher Adrien Guinet.
The downside of the WanaKiwi is that, since it depends on scouring your computer's memory, it can only work if you haven't rebooted since your machine was infected by WannaCry.
Since memory is wiped upon reboot, the prime numbers WanaKiwi searches for are no longer retrievable.
The vast majority of PCs out there should already be protected against the exploit that WannaCry and its copycats rely on. However, businesses that haven't updated their machines with the fix Microsoft released in March were the most heavily impacted, and WanaKiwi represents a potentially easy fix going forward.
And though the tool only works from Windows XP through 7, Windows 7 actually represented the overwhelming majority of PCs hit by the ransomware.
No comments:
Post a Comment