Unlock WannaCry Ransomware Without Paying with WannaKiwi

May 24, 2017

Thanks to WannaKiwi. In the past past weeks, we’ve seen a wild ransomware attack that affected industries all around the world. Dubbed WannaCry, it spread via an exploit through an outdated protocol in Windows. Affected systems spread the malware across networks without the other machines even having to click a link. Thankfully the spread is over, but companies hit by the attack still have a lot of mess to clean up.

If you were infected, you know that you shouldn’t pay up. Ransomware authors obviously aren’t honest people, so there’s no guarantee that they’ll provide the decryption key even if you hand over the cash. Fortunately, there’s a tool that might be able to unlock computers affected by WannaCry for no cost. It works to retrieve critical numbers left over by the ransomware and use them to figure out the decryption key.

It’s not a surefire deal, however. The computer must not have been rebooted since being infected, and if another process erased the memory used by WannaCry, it might be lost. Still, it’s worth a try for those infected. This works on Windows XP , Vista, Windows 7, and Server 2003/2008 systems.

Start by downloading the WannaKiwi tool and placing it on a computer that’s been infected. The developer states that the default settings should work fine, so just run the utility and let it do its job. If you’re lucky, it will retrieve the important numbers and get to work on decrypting your computer. For more information, read the developer’s usage guide.

WannaCry is nasty, but if you’re running Windows 10 or Windows 7 with automatic updates installed, you were immune to it. This is mainly for business who are running outdated versions of Windows or weren’t installing updates regularly. That’s why it’s important to make sure you install security patches!

To protect against WannaCry variants, you should also disable the outdated SMB v1 protocol on your system as we discussed in our previous article on WannaCry and protecting yourself. Bad guys are constantly coming out with new versions of ransomware strains to evade detection, this exploit to recover from won’t last long in future strains. Is your network effective in blocking ransomware when employees fall for social engineering attacks? Let Evo IT come review your network at no charge for vulnerabilities and give you a quick look at the effectiveness of your existing network protection.

Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInShare on TumblrShare on StumbleUponShare on RedditEmail this to someone