{"id":2891,"date":"2017-05-19T17:28:00","date_gmt":"2017-05-19T15:28:00","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=2891"},"modified":"2021-09-11T23:36:48","modified_gmt":"2021-09-11T21:36:48","slug":"wannycry-decrypting-mit-wanakiwi-also-for-windows-7","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/05\/19\/wannycry-decrypting-mit-wanakiwi-also-for-windows-7\/","title":{"rendered":"WannaCry: Decrypting with WanaKiwi also for Windows 7"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">Partially good news for Window 7 users hidden by WannaCrypt ransomware. A decryptor for encrypted files, that can obtain the required key is available for Windows XP and Windows 7. <\/p>\n<p><!--more--><\/p>\n<p>I've introduced a first Decryptor for Windows XP this morning (see <a href=\"https:\/\/borncity.com\/win\/2017\/05\/19\/wannycry-first-wcry-decryptor-for-windows-xp\/\" target=\"_blank\" rel=\"noopener\">Wannacry: first WCry-Decryptor for Windows XP<\/a>). Then Matt Suiche, hacker, security specialist and MVP colleague has published a blog post <a href=\"https:\/\/web.archive.org\/web\/20210811134746\/https:\/\/blog.comae.io\/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d\" target=\"_blank\" rel=\"noopener\">WannaCry\u200a\u2014\u200aDecrypting files with WanaKiwi + Demos<\/a>.<\/p>\n<h2>WanaKiwi also for Windows 7<\/h2>\n<p>The tool WanaWiki uses the same techniques as <em>wannakey<\/em> from <a href=\"https:\/\/twitter.com\/adriengnt\" target=\"_blank\" rel=\"noopener\">Adrien Guinet<\/a> to extract prime numbers left from the ransomware within memory. <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/wanakiwi?src=hash\">#wanakiwi<\/a> to decrypt <a href=\"https:\/\/twitter.com\/hashtag\/WANACRY?src=hash\">#WANACRY<\/a> files from pieces of key in memory(thanks <a href=\"https:\/\/twitter.com\/adriengnt\">@adriengnt<\/a> for idea)<a href=\"https:\/\/t.co\/7LTTZXXEsB\">https:\/\/t.co\/7LTTZXXEsB<\/a><br \/>XP sometimes,7 if lucky <a href=\"https:\/\/t.co\/3V8gFaIkCF\">pic.twitter.com\/3V8gFaIkCF<\/a><\/p>\n<p>\u2014  Benjamin Delpy (@gentilkiwi) <a href=\"https:\/\/twitter.com\/gentilkiwi\/status\/865427531616231424\">19. Mai 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>  <\/p>\n<p>The tool is available at <a href=\"https:\/\/github.com\/gentilkiwi\/wanakiwi\/releases\" target=\"_blank\" rel=\"noopener\">GitHub<\/a> and runs from Windows XP up to Windows 7 (also Vista and Server 2003\/2008 and R2). It's sufficient, to download <a href=\"https:\/\/github.com\/gentilkiwi\/wanakiwi\/releases\" target=\"_blank\" rel=\"noopener\">wanakiwi<\/a> to an infected machine and launch <em>wanakiwi.exe <\/em>per. The program will automatically look for the <em>00000000.pky, <\/em>and extracts the primary number. Wanakiwi also recreates the .dky files expect from the ransomware by the attackers, which makes it compatible with the ransomware itself too. This also prevents the WannaCry to encrypt further files. Further details may be read at Matt's <a href=\"https:\/\/web.archive.org\/web\/20210811134746\/https:\/\/blog.comae.io\/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d\" target=\"_blank\" rel=\"noopener\">blog post<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Partially good news for Window 7 users hidden by WannaCrypt ransomware. A decryptor for encrypted files, that can obtain the required key is available for Windows XP and Windows 7.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[843,844,845,30,832,846,840,17,847],"class_list":["post-2891","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-frenchmafia","tag-wanakiwi","tag-decryptor","tag-tip","tag-wannacry","tag-wannacrypt","tag-wannycry","tag-windows-7","tag-windows-xp"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=2891"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2891\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=2891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=2891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=2891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}