Free WannaCrypt decrypter now available as long as you did not reboot your PC

We wrote yesterday that a security researcher, Adrien Guinet from France-based Quarkslab, has found a way to retrieve the encryption keys used by the Wannacrypt ransomware without having to pay the $300 ransom.

His application, WCry, plucks the key right out of the memory of an affected system, but his solution was only available on Windows XP, and if the PC had not been rebooted yet or the memory not been overwritten ie. in very specific and somewhat unlikely circumstances.

Now the solution has been further developed by Matt Suiche and now works with Windows 7 (97% of the infected PCs), Windows 2003 (x86), Vista and 2008 and 2008 R2. It still requires that the PC has not been rebooted.

See it in action below.


The tool,  ‘wannakiwi’ can be downloaded for free here. Read more about it at here.