WannaCry worm that plagued many computers around the world apparently can be decrypted without the $600 ransom payment. Adrien Guinet, a French researcher claims that he has found a solution for WannaCry file encryption for Windows XP systems. He was able to discover the prime numbers that make up the WannaCry private key. A private key is sold to infected victims in order to decrypt the files.
I got to finish the full decryption process, but I confirm that, in this case, the private key can recovered on an XP system #wannacry!! pic.twitter.com/QiB3Q1NYpS
— Adrien Guinet (@adriengnt) May 18, 2017
In order for this solution to work your PC must not have been rebooted after the infection. WannaCry does not erase the prime numbers from memory before it frees associated memory. So, if that’s the case and associated memory haven’t been reallocated, a prime numbers could still be in memory.
Guinet managed to decrypt his files using these prime numbers that were still located in memory. His software called “Wannakey” has been released to the public and you can use it for free. Have in mind that Wannakey software has not been tested on a very large number of computers so it’s hard to say that it will work for everyone.