A software tool that can help victims of the WannaCry ransomware to recover data in their infected files under certain circumstances #WannaCry decryptor #Remove WannaCry #WannaCry remover #WannaCry #Decryptor #Wanadecrypt
WanaKiwi is a file recovery solution for victims of the WannaCry ransomware. Relying on an ingenious idea, the application analyzes the traces left in the memory by the process that created the encryption keys. The only catch is that, if the PC is shut down or rebooted, the memory state, together with the keys, are erased and, therefore, WanaKiwi is useless.
Based on wanadecrypt, WanaKiwi can find the prime numbers that were used during encryption and were not yet erased from the process memory. Under certain conditions, the key recovery process might not work as it should, because the prime numbers might be reused by the process that created them or overwritten. In other words, it is important to try this application as soon as possible after getting infected.
Once launched, WanaKiwi starts searching for the public key and then looks for the prime numbers in the address space of the "wnry.exe" or "wcry.exe" processes, if the process name is not passed as a parameter. If the keys are found, the private encryption key can be then reconstructed and the locked files can be decrypted.
The application does not alter the original encrypted files (ending in .WNCRY); instead, it saves the decrypted files in a separate location. It is advisable you create a backup of these files as soon as possible and then reinstall a fresh copy of Windows on your PC.
To fool the ransomware virus, WanaKiwi builds the DKY files and sends them to the cyber criminals. This way, WanaKiwi blocks any future attempts of WannaCry to encrypt more files.
While it might not work in some cases, WanaKiwi remains a good alternative as a post-infection solution. The cyber security division of Europol tested this application and certified that it carries out the recovery process in some circumstances.
Advisory note: Due to its decryption method that scans the original process of the ransomware in the attempt to retrieve the keys, WanaKiwi might be detected as harmful by some antivirus applications. It is advisable you read more about the application and how it works before using it.
WanaKiwi 0.2
add to watchlist add to download basket send us an update REPORT- runs on:
-
Windows 2008 R2
Windows 2008
Windows 2003
Windows 7
Windows Vista
Windows XP - file size:
- 349 KB
- filename:
- wanakiwi_0.2.zip
- main category:
- Security
- developer:
- visit homepage
ShareX
Context Menu Manager
Zoom Client
calibre
Windows Sandbox Launcher
4k Video Downloader
Microsoft Teams
IrfanView
7-Zip
Bitdefender Antivirus Free
- IrfanView
- 7-Zip
- Bitdefender Antivirus Free
- ShareX
- Context Menu Manager
- Zoom Client
- calibre
- Windows Sandbox Launcher
- 4k Video Downloader
- Microsoft Teams