How to recover data encrypted by WannaCry malicious code
The attack from the WannaCry malware, although it has subsided lately, has been extremely serious for organizations and agencies that have been attacked by computer systems. WannaCry has the ability to 'bypass' all security security firewalls. All data contained in the computer will be completely erased. And to be able to retrieve those important data, we are forced to pay a virtual money.
In this situation, there are many measures to prevent attacks, spread and strengthen the security system to prevent the vulnerabilities that WannaCry uses to invade computers. So what if the computer was attacked by WannaCry and lost most of the data? If the reader is experiencing this situation, you can use the WannaKiwi tool.
The WannaKiwi tool comes from a security researcher at Quarkslab, capable of helping users recover data after being attacked and wiped out by WannaCry.
Note to users , WannaKiwi can run on both Windows XP, Windows 7, Windows Vista, Windows Server 2003, 2008. But the tool can only 'save' data when the computer has not restarted since infection.
Step 1:
First of all, we click on the link below to download the WannaKiwi tool to your computer.
- Download the WannaKiwi tool
Step 2:
After downloading, we proceed to extract the file.
Then, access the folder and extract and run the .exe file to start the Wannakiwi program.
Step 3:
Soon, the tool will scan the entire system to find the 00000000.pky encryption string, and then perform data recovery for the user.
When the WannaCry malware attacks and infects the computer, the wcry.exe process will be created and the process will generate a private RSA key. But WannaCry did not delete the sequence of prime numbers from RAM. So if the computer is infected and has not restarted, these important serial numbers remain intact and are used to decrypt the data that WannaCry has encrypted.
Video restores data infected with WannaCry with Wanakiwi
Thus, taking advantage of the loophole of WannaCry malicious code that Wannakiwi tool has helped users can retrieve all data that was encrypted by this malicious code, deleted from the computer system. However, the computer since infection has not restarted any time Wannakiwi will work. If the computer is turned off and turned on again, it is impossible to use the Wannakiwi tool anymore.
I wish you all success!
You should read it
- Warning with 4 dangerous variants of WannaCry malware
- How to remove / fix ransomware WannaCry
- Download the free WannaCry malware checker now
- How to identify WannaCry malicious code from Vietnam Computer Emergency Response Center (VNCERT)
- 2 effective and free ways to check WannaCry
- WannaCry remains one of the most dangerous global security threats
- WannaCry is not dead yet, it just attacked Honda and Australia's traffic camera system
- Network security researcher claims to find a way to decode WannaCry
May be interested
- How to decrypt encrypted files, recover data encrypted by Ransomwareno more ransome called for cooperation to fight ransomware, helping victims recover their data without paying ransom for hackers. the project website not only provides computer users with a way to protect themselves from ransomware, but also provides a set of free decoding tools.
- How to prevent EternalRocks malicious codeeternalrocks is a malicious code that is even more dangerous than wannacry, exploiting up to seven nsa vulnerabilities and they work on computers.
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messengerfrom yesterday (december 18, 2017), a new type of malicious code has appeared and raged in vietnam. this malicious code is not too sophisticated but is spreading very fast through facebook messenger because it is sent from the friends in the friend list.
- Disable malicious HiddenTear Ransomware with HT Brute Forcerif your system has been infected with hiddentear malicious code, don't worry because a program called ht brute forcer (developed by michael gillespie) can allow you to recover your encryption key without paying ransom.
- How to kill virus automatically delete Unikey, Vietkey, Zalo on the computera new malicious code that works similarly to wannacry, using the ms17-010 vulnerability can delete vietkey, unikey or zalo on the computer. so how to prevent this malicious code?
- Malware Judy attacked more than 36.5 million Android phonesmalicious code judy now attacks 36.5 million android users through dozens of malicious applications and games with the judy brand.
- Warning: Dangerous new malicious code spills over to Vietnamon the afternoon of february 14, bkav's virus surveillance system issued a warning about a w32.weakpass extortion encryption code-targeting campaign targeting vietnamese public servers of foreign hackers.
- GIBON extortion code spread through spama new ransomware called gibon, once again malspam (malware spread via email) attaches a malicious file and contains the download macro, installs the malicious code to blackmail the victim's computer.
- Hacker attacks a US city demanding $ 100,000 ransom with Bitcoinhackers encrypted important city files and ransomed about $ 100,000 with bitcoin.
- EternalRocks - more dangerous malicious code than WannaCry exploits up to seven NSA vulnerabilitieswhile ransomware wannacry has stirred up the internet world over the past few weeks to exploit only two vulnerabilities, the new malware uses seven vulnerabilities.