×

Registration

Profile Informations

Login Datas

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

WannaCry Ransomware Holding Your Windows PC Hostage? Recover It With This Tool

The Wanna Decrypter ransomware that began floating around the Internet late last week has made a lasting impact, with hundreds of thousands of PCs worldwide being affected. What the malware does is even scarier: one minute, you're using your computer normally; the next, your data is locked away behind a key unless you fork over $300.

As has become typical of ransomware, Wanna Decrypter will demand payment via Bitcoin in order to recover the data the attackers locked down. Once payment is received, an encryption key is typically (but not always) sent that will allow the user to recover their data. It's a chore for the inexperienced user, and an outrageous requirement for everyone.

wanakiwi
Credit: @gentilkiwi (Twitter)

Yesterday, a tool called WannaKey hit Github promising free recovery of data on PCs corrupted with Wanna Decrypter. This tool carried a large number of caveats, though, with a big one being that it's exclusive to Windows XP, and the PC could not be rebooted after being infected.

Today, another developer has built on WannaKey's abilities and released wanakiwi, a tool with the same goal of recovering data, but will work on all versions of Windows between XP and 7 (that includes Vista and server variants). Unfortunately, this wanakiwi carries the same caveat of being useless after an infected PC has been rebooted.

WannaDecrypter Casio
Credit: /u/kevle6 (reddit)

The reason these tools can potentially save your data is because of remnants Wanna Decrypter leaves in the system memory after it's carried out its mission. In particular, the prime numbers of the RSA private key are left in memory, allowing these tools to recover them in order to decrypt the victim's data. In Windows 10, those prime number values would have been purged from memory, and presumably the same applies to Windows 8 (which is probably why the tool doesn't support these operating systems).

It's unfortunate that these tools have very specific limitations, but those who are able to take advantage of them are sure to be thankful.

').insertAfter(jQuery('#initdisqus'));
}
loadDisqus(jQuery('#initdisqus'), disqus_identifier, url);

}
else {
setTimeout(function () { disqusDefer(); }, 50);
}
}

disqusDefer();

function loadDisqus(source, identifier, url) {

if (jQuery("#disqus_thread").length) {
jQuery("#disqus_thread").remove();
}
jQuery('

').insertAfter(source);

if (window.DISQUS) {

DISQUS.reset({
reload: true,
config: function () {
this.page.identifier = identifier;
this.page.url = url;
}
});

} else {

//insert a wrapper in HTML after the relevant "show comments" link

disqus_identifier = identifier; //set the identifier argument
disqus_url = url; //set the permalink argument

//append the Disqus embed script to HTML
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js';
jQuery('head').append(dsq);

}

jQuery('.show-disqus').show();
source.hide();
};

function disqusEvent()
{
idleTime = 0;
}

Go to Source