Saturday, 20 May 2017

Hit by WannaCry? There is a decryptor now for XP and Win7.

If you or one of your users has a Windows XP or Windows 7 system that has been hit by the WannaCry ransomware virus, do not despair!

The first thing to do is to warn all users that if they are hit (and their systems are Win7 or XP),

do NOT turn off the system - do NOT reboot it - do not use it - just leave it alone!

The next thing to do is (as quickly as possible) download the decrypting software wanakiwi.exe onto a USB stick (don't use the infected system!), plug it into the affected system and run it.

If possible, it would be better to make sure every computer already has a copy of wanakiwi.exe on its hard disk, because connecting a USB drive may destroy the keys which are left in memory.

More info and an animated GIF of it in action on Windows XP and Windows 7 here.

Although this has been demonstrated on a freshly infected system and wanakiwi was run as soon as the ransomware had completed encryption, I am not sure if any cases have been reported yet of wanakiwi successfully working in a real-life situation...