Softpedia >Windows >Security >Decrypting & Decoding >  WanaKiwi
WanaKiwi icon

WanaKiwi

2.3/5 3
Freeware   

A software tool that can help victims of the WannaCry ransomware to recover data in their infected files under certain circumstances #WannaCry decryptor  #Remove WannaCry  #WannaCry remover  #WannaCry  #Decryptor  #Wanadecrypt  

Description

Free Download

WanaKiwi screenshot

WanaKiwi is a file recovery solution for victims of the WannaCry ransomware. Relying on an ingenious idea, the application analyzes the traces left in the memory by the process that created the encryption keys. The only catch is that, if the PC is shut down or rebooted, the memory state, together with the keys, are erased and, therefore, WanaKiwi is useless.

Based on wanadecrypt, WanaKiwi can find the prime numbers that were used during encryption and were not yet erased from the process memory. Under certain conditions, the key recovery process might not work as it should, because the prime numbers might be reused by the process that created them or overwritten. In other words, it is important to try this application as soon as possible after getting infected.

Once launched, WanaKiwi starts searching for the public key and then looks for the prime numbers in the address space of the "wnry.exe" or "wcry.exe" processes, if the process name is not passed as a parameter. If the keys are found, the private encryption key can be then reconstructed and the locked files can be decrypted.

The application does not alter the original encrypted files (ending in .WNCRY); instead, it saves the decrypted files in a separate location. It is advisable you create a backup of these files as soon as possible and then reinstall a fresh copy of Windows on your PC.

To fool the ransomware virus, WanaKiwi builds the DKY files and sends them to the cyber criminals. This way, WanaKiwi blocks any future attempts of WannaCry to encrypt more files.

While it might not work in some cases, WanaKiwi remains a good alternative as a post-infection solution. The cyber security division of Europol tested this application and certified that it carries out the recovery process in some circumstances.

Advisory note: Due to its decryption method that scans the original process of the ransomware in the attempt to retrieve the keys, WanaKiwi might be detected as harmful by some antivirus applications. It is advisable you read more about the application and how it works before using it.

WanaKiwi 0.2

 add to watchlist add to download basket send us an update REPORT
  runs on:
Windows 2008 R2
Windows 2008
Windows 2003
Windows 7
Windows Vista
Windows XP
  file size:
349 KB
  filename:
wanakiwi_0.2.zip
  1 screenshot:
WanaKiwi - WanaKiwi might make it possible for you to recover files that have been infected by WannaCry.
  main category:
Security
  developer:
  visit homepage

ShareX

Capture your screen, create GIFs, and record videos through this versatile solution that includes various other amenities: an OCR scanner, image uploader, URL shortener, and much more
ShareX

Context Menu Manager

Customize Windows’ original right-click context menu using this free, portable and open-source utility meant to enhance your workflow
Context Menu Manager

Zoom Client

The official desktop client for Zoom, the popular video conferencing and collaboration tool used by millions of people worldwide
Zoom Client

calibre

Effortlessly keep your e-book library thoroughly organized with the help of the numerous features offered by this efficient and capable manager
calibre

Windows Sandbox Launcher

Set up the Windows Sandbox parameters to your specific requirements, with this dedicated launcher that features advanced parametrization
Windows Sandbox Launcher

4k Video Downloader

Export your favorite YouTube videos and playlists with this intuitive, lightweight program, built to facilitate downloading clips from the popular website
4k Video Downloader

Microsoft Teams

Effortlessly chat, collaborate on projects, and transfer files within a business-like environment by employing this Microsoft-vetted application
Microsoft Teams

IrfanView

With support for a long list of plugins, this minimalistic utility helps you view images, as well as edit and convert them using a built-in batch mode
IrfanView

7-Zip

An intuitive application with a very good compression ratio that can help you not only create and extract archives, but also test them for errors
7-Zip

Bitdefender Antivirus Free

Feather-light and free antivirus solution from renowned developer that keeps the PC protected at all times from malware without requiring user configuration
Bitdefender Antivirus Free

% discount
IrfanView
  • IrfanView
  • 7-Zip
  • Bitdefender Antivirus Free
  • ShareX
  • Context Menu Manager
  • Zoom Client
  • calibre
  • Windows Sandbox Launcher
  • 4k Video Downloader
  • Microsoft Teams
TRY
essentials
Click to load comments
This enables Disqus, Inc. to process some of your data. Disqus privacy policy