Network security researcher claims to find a way to decode WannaCry

Adrien Guinet said he could decrypt (decrypt) the ransomware-infected computer running Windows XP in the lab by finding the sequence of numbers that makes up WannaCry's own password string. This series of numbers is what the ransomware victims of this extortion have to spend money to buy, thereby decrypting their files. Guinet said he could find it without paying a penny of Bitcoin .

Importantly, Guinet realized this technique was only effective on Windows XP . The reason is that this operating system is not affected by the ransomawre attack on May 12. However, WannaCry is now available on XP, but at least this technique can help victims.

Guinet wrote on Github: " To do this, your computer has never been rebooted after being infected. Remember also that you need some luck because in some cases it may not. effective ".

Network security researcher claims to find a way to decode WannaCry Picture 1
I have completed the decoding process but it can only restore files on the XP system

Why is that? Guinet explains that " when WannaCry invades a computer, it will generate a decrypted password string based on prime numbers. It is important that ransomware does not remove them from memory before releasing the associated memory ." " If you're lucky (the memory involved hasn't been deleted or redistributed), these good integers are still in there ."

If you can recover those numbers, you can decrypt the file, Guinet said. He released the software used to decrypt the infected WannaCry computer and called it Wannakey.

Wannakey has not been extensively tested, so it is still uncertain how effective it is. However, it also raised the hope that data encrypted by ransomware could be decrypted in the future. Anyway, that is good news.