Home Security 'WannaKey' and 'WanaKiwi' can decrypt Wannacry – in very specific circumstances

'WannaKey' and 'WanaKiwi' can decrypt Wannacry – in very specific circumstances

A Comae Technologies blog post by Matt Suiche, who describes himself as a “Hacker, Microsoft MVP and Founder of @comaeio” has arrived, entitled “WannaCry - Decrypting files with WanaKiwi + Demos.

Confirmed to work with Windows XP x86 and Windows 7 x86, the tool has serious caveats but shoud also work for Windows 2003, 2008, 2008 R2 and Windows Vista.

The blog post starts off by stating:

“In Short
DO NOT REBOOT your infected machines and TRY wanakiwi ASAP*!
*ASAP because prime numbers may be over written in memory after a while.”

This means that anyone infected by the Wannacry ransomware can use the decryption tools linked below to scour a computer's memory to find the ransomware's encryption and decryption key, and to then use that key to decrypt encrypted files. It depends on you not rebooting your comptuer, and it depends on timely usage of the decryption tools, so it's not a magic bullet fix for all Wannacry infections.

That said, if used quickly, it could well help you decrypt your files quickly and easily - but please, if you haven't patched your Windows XP through Windows 7 computers yet, please do so immediately!

More detail continues below.

Suiche notes that “Adrien Guinet" published a tool called "Wannakey" to perform RSA key recovery on Windows XP. His tool is very ingenious as it does not look for the actual key but the prime numbers in memory to recompute the key itself. In short, his technique is "totally bad ass and super smart.”

Clicking on the “Wannakey” link above causes the Norton Security on my Mac to state it is a dangerous site, but this may simply be a false positive - but please take caution. 

However, Wannakey worked on Windows XP only, with Suiche updating his blog post to note that "Benjamin Delpy" had released "WanaKiwi" which “works for both Windows XP (x86 confirmed) and Windows 7 (x86 confirmed). This would imply it works for every version of Windows from XP to 7, including Windows 2003 (x86 confirmed), Vista and 2008 and 2008 R2. See demos in the below GIFs.”

The WanaKiwi link also brings up a Norton Security warning that the site has security risks, but again, this may well be a false positive.

The GIFs referred to can be found at Suiche’s blog post.

At his Twitter page, Adrien Guinet stated two hours ago at time of publication that:

Twenty hours ago at time of publication, Benjamin Delpy tweeted:

Are Technica has more information here, as does CNET here.


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.