Partially good news for Window 7 users hidden by WannaCrypt ransomware. A decryptor for encrypted files, that can obtain the required key is available for Windows XP and Windows 7.
I’ve introduced a first Decryptor for Windows XP this morning (see Wannacry: first WCry-Decryptor for Windows XP). Then Matt Suiche, hacker, security specialist and MVP colleague has published a blog post WannaCry — Decrypting files with WanaKiwi + Demos.
WanaKiwi also for Windows 7
The tool WanaWiki uses the same techniques as wannakey from Adrien Guinet to extract prime numbers left from the ransomware within memory.
— Benjamin Delpy (@gentilkiwi) 19. Mai 2017
The tool is available at GitHub and runs from Windows XP up to Windows 7 (also Vista and Server 2003/2008 and R2). It’s sufficient, to download wanakiwi to an infected machine and launch wanakiwi.exe per. The program will automatically look for the 00000000.pky, and extracts the primary number. Wanakiwi also recreates the .dky files expect from the ransomware by the attackers, which makes it compatible with the ransomware itself too. This also prevents the WannaCry to encrypt further files. Further details may be read at Matt’s blog post.