Home Security 'WannaKey' and 'WanaKiwi' can decrypt Wannacry – in very specific circumstances

'WannaKey' and 'WanaKiwi' can decrypt Wannacry – in very specific circumstances

A Comae Technologies blog post by Matt Suiche, who describes himself as a “Hacker, Microsoft MVP and Founder of @comaeio” has arrived, entitled “WannaCry - Decrypting files with WanaKiwi + Demos.

Confirmed to work with Windows XP x86 and Windows 7 x86, the tool has serious caveats but shoud also work for Windows 2003, 2008, 2008 R2 and Windows Vista.

The blog post starts off by stating:

“In Short
DO NOT REBOOT your infected machines and TRY wanakiwi ASAP*!
*ASAP because prime numbers may be over written in memory after a while.”

This means that anyone infected by the Wannacry ransomware can use the decryption tools linked below to scour a computer's memory to find the ransomware's encryption and decryption key, and to then use that key to decrypt encrypted files. It depends on you not rebooting your comptuer, and it depends on timely usage of the decryption tools, so it's not a magic bullet fix for all Wannacry infections.

That said, if used quickly, it could well help you decrypt your files quickly and easily - but please, if you haven't patched your Windows XP through Windows 7 computers yet, please do so immediately!

More detail continues below.

Suiche notes that “Adrien Guinet" published a tool called "Wannakey" to perform RSA key recovery on Windows XP. His tool is very ingenious as it does not look for the actual key but the prime numbers in memory to recompute the key itself. In short, his technique is "totally bad ass and super smart.”

Clicking on the “Wannakey” link above causes the Norton Security on my Mac to state it is a dangerous site, but this may simply be a false positive - but please take caution. 

However, Wannakey worked on Windows XP only, with Suiche updating his blog post to note that "Benjamin Delpy" had released "WanaKiwi" which “works for both Windows XP (x86 confirmed) and Windows 7 (x86 confirmed). This would imply it works for every version of Windows from XP to 7, including Windows 2003 (x86 confirmed), Vista and 2008 and 2008 R2. See demos in the below GIFs.”

The WanaKiwi link also brings up a Norton Security warning that the site has security risks, but again, this may well be a false positive.

The GIFs referred to can be found at Suiche’s blog post.

At his Twitter page, Adrien Guinet stated two hours ago at time of publication that:

Twenty hours ago at time of publication, Benjamin Delpy tweeted:

Are Technica has more information here, as does CNET here.


Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.