WanaKiwi - Automated wanadecrypt with key recovery if lucky

This utility allows machines infected by the WannaCry ransomware to recover their files.
wanakiwi is based on wanadecrypt, which makes it possible for lucky users to:
  • Recover the private user key in memory to save it as 00000000.dky
  • Decrypt all of their files
The prime extraction method is based on Adrien Guinet's wannakey, which consists of scanning the WannaCry process memory to recover the prime numbers that were not cleaned during CryptReleaseContext().
Adrien's method was originally described as only valid for Windows XP but @msuiche and I proved this can be extended to Windows 7.
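
The memory scan described above, as an added Python sketch that is not code from wanakiwi or wannakey: it slides over a dump looking for a value that divides the public modulus, then rebuilds the private exponent. The function names, the byte-wise scan, the little-endian half-modulus-length layout of the prime, the exponent 65537 and the toy 128-bit primes are all assumptions made for the illustration.

```python
"""Added example: memory scan for a leftover RSA prime (toy sizes, constructed data)."""

E = 65537  # public exponent assumed for this demo


def find_prime_in_dump(dump: bytes, modulus: int, step: int = 1):
    """Return (offset, p) for the first window that divides `modulus`, else None.

    Assumption: a prime is stored as a little-endian integer half the
    modulus length (128 bytes for RSA-2048, 16 bytes for the toy key below).
    """
    plen = (modulus.bit_length() + 15) // 16
    for off in range(0, len(dump) - plen + 1, step):
        cand = int.from_bytes(dump[off:off + plen], "little")
        # Skip 0, 1 and even values before the expensive big-integer modulo.
        if cand > 1 and cand & 1 and modulus % cand == 0:
            return off, cand
    return None  # primes no longer in memory: the "unlucky" case


def rebuild_private_exponent(p: int, modulus: int, e: int = E) -> int:
    """Derive q and the private exponent d once one prime is known."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+


# Constructed sample data: two well-known primes stand in for a real key.
P = 2**127 - 1
Q = 2**128 - 159
N = P * Q  # plays the role of the modulus from the public key
FILLER = bytes((i * 37 + 11) % 256 for i in range(300))
DUMP_WITH_KEY = FILLER + P.to_bytes(16, "little") + FILLER  # prime left behind
DUMP_WIPED = FILLER + bytes(16) + FILLER                     # prime zeroed

if __name__ == "__main__":
    for name, dump in (("with key", DUMP_WITH_KEY), ("wiped", DUMP_WIPED)):
        hit = find_prime_in_dump(dump, N)
        if hit is None:
            print(f"{name}: no prime found")
            continue
        off, p = hit
        d = rebuild_private_exponent(p, N)
        secret = pow(0xC0FFEE, E, N)  # "encrypt" with the public key
        print(f"{name}: prime at offset {off}, decrypts ok: {pow(secret, d, N) == 0xC0FFEE}")
```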
