WannaCry is a simple ransomware that spread widely around the globe, raising tensions among cyber security firms. So far it has made a huge impact, affecting 200,000+ computers around the globe, and has made six digits for the people behind this evil ransomware.
The ransomware exploits an SMB remote code execution vulnerability, the one used by EternalBlue, one of the NSA's hacking tools released by the hacker group called Shadow Brokers.
The ransomware encrypts all your data and asks for a key to unlock your files. The key can only be obtained by paying a ransom in bitcoins to the attacker's bitcoin wallet.
The attack was only possible on Windows systems, but later on Linux users running Wine were affected by the ransomware too.
How could you be safe?
All you need to do is apply the patches for your Windows system, if you have not applied them so far.
Here are some steps to avoid getting infected by WannaCry Ransomware or any other Malware.
1. Apply security updates regularly.
2. Use offline backups.
3. Use a reputable antivirus program and update it regularly.
4. Always be suspicious while surfing the Internet.
5. Disable SMB v1 in Windows Features.
Oops! Got Infected, What to do now?
If you have already been infected by this ransomware, there is no need to panic. First, stay calm and make sure that you don't shut down your system.
A security researcher from Quarkslab named Adrien Guinet has done the hard work of finding a way to recover the decryption key for the ransomware.
WannaCry encryption creates two keys – "public" and "private" – that are based on prime numbers and are responsible for encrypting and decrypting the system's files respectively. It also deletes the private key from the system so that the victim can no longer access it and eventually ends up paying the ransom to get his/her files back.
But here is the twist: "WannaCry does not erase the prime numbers from memory before freeing the associated memory," says Guinet, as quoted by The Hacker News earlier in their article.
Guinet also released a tool named WannaKey to decrypt WannaCry Ransomware. It works only on Windows XP and can be downloaded here.
But for the tool to provide the desired result, the computer must not have been rebooted since it was affected by the ransomware, and the associated memory must not have been allocated by some other process.
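The recovery idea described above can be shown in miniature. The following is an added example, not Guinet's WannaKey code: it scans a constructed memory buffer for a value that divides the public modulus, rebuilds the private exponent from it, and shows the search failing once the memory has been reused. The primes, the buffer, the offset, and the little-endian layout are all assumptions made for the demo.

```python
# Added illustration, not WannaKey's source. All values are constructed for the demo.
E = 65537
P = 2**61 - 1      # demo-sized prime standing in for one of the real RSA primes
Q = 2**64 - 59     # second demo prime
N = P * Q          # public modulus; the victim still has this
PRIME_LEN = 8      # bytes per prime in this demo

def find_prime_in_memory(dump, n, prime_len):
    """Slide a prime-sized window over the dump; return (offset, p) if it divides n."""
    for off in range(len(dump) - prime_len + 1):
        # Assumption: the prime sits in memory as a little-endian integer.
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None  # prime already overwritten (reboot or memory reuse)

def rebuild_private_exponent(n, e, p):
    """With one prime known, the other follows from n, and the private exponent from both."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def make_dump(leaked=b""):
    """Constructed 'process memory': filler bytes with optional leftover data at offset 1337."""
    filler = bytes((i * 37 + 11) % 256 for i in range(4096))
    return filler[:1337] + leaked + filler[1337:]

if __name__ == "__main__":
    secret = 0x57414E41
    ciphertext = pow(secret, E, N)   # encrypted with the public key only

    # Case 1: the freed prime is still sitting in memory.
    hit = find_prime_in_memory(make_dump(P.to_bytes(PRIME_LEN, "little")), N, PRIME_LEN)
    offset, p = hit
    d = rebuild_private_exponent(N, E, p)
    print("prime found at offset", offset, "-> decrypts:", pow(ciphertext, d, N) == secret)

    # Case 2: the memory was reused, so nothing in the dump divides N.
    print("after memory reuse:", find_prime_in_memory(make_dump(), N, PRIME_LEN))
```

The second case is why the machine must not be rebooted: once the freed region is overwritten, no window in memory divides the modulus and the key cannot be rebuilt this way.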
The relief is that, based on Guinet's discovery, the open source security researcher Benjamin Delpy has made another tool named Wanakiwi.
The tool is available on GitHub for download; the victim just needs to download the tool and run it on the infected machine. The researcher also made a video tutorial to show how to run the tool. The tool works fine and is based on Guinet's finding, provided the required dependencies are available on the system.
The tool so far works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008.
The Demonstration video to use WanaKiwi