Promises to help remove the WannaCry infection on computers running Windows XP, but only if they haven’t been rebooted after the initial attack.
- Wannakey
- Version :2.2
- License :Trial
- OS :Windows All
- Publisher :Adrien Guinet
Wannakey Description
WannaCry – the world-scale ransomware cyber attack that is on everyone’s lips right now and will probably go down in history as one of the most harmful types of malware to have ever existed.
So much so that Microsoft has even rolled out an emergency update patch for Windows XP in order to prevent future or ongoing attacks of the already-infamous ransomware. Sadly, in spite of Microsoft’s attempts to protect XP users, there are still lots of computers that ended up infected.
If your computer’s running Windows XP and it hasn’t been restarted after a possible WannaCry attack, then this tool might just be your best bet
That said, if you’re an XP user and your computer has been hit by WannaCry, whatever you do, DO NOT REBOOT it. We say this because you might still have a chance at recovering your data without having to pay the 300 dollars ransom.
Developed by one proactive French security research that goes by the name of Adrien Guinet, Wannakey is a tiny tool that should be able to recover the ransomware prime numbers of the RSA key that’s used by WannaCry on your computer. We’re pointing out once again that it only works if you haven’t rebooted your computer after the infection.
Requires you to follow a fairly straightforward set of procedures and its success rate might have to do with luck more than with anything else
Of course, it goes without saying that it can’t be expected of this tool to have an outstanding success rate. Hence, pray that you’re a lucky person and hope that the associated memory has not been moved or deleted.
Right, here’s what you need to do: first off, make sure that Microsoft Visual C++ Redistributable Package 2013 is present on your computer’s system. Secondly, you need to locate the process identifier of the wrcy.exe (WannaCry) process using the Task manager, and locate a certain 00000000.pky file.
Now, download the utility from our servers and launch it using your computer’s CMD by using your own custom expression based on this example: “search_primes.exe PID path\to\00000000.pky”. The priv.key file will be generated in the current directly, of course, if a valid prime number is found in your computer’s memory.
Fingers crossed and good luck!
Successful at recovering the RSA private keys? You can try decrypting and recovering your files with the help of WanaFork