WannaCry - Decrypting files with WanaKiwi + Demos

2017-05-19, Comae
https://www.comae.com/posts/wannacry-decrypting-files-with-wanakiwi-demos/
#WannaCry

Working Windows XP & 7 demos. #FRENCHMAFIA
Read More: Part 1 - Part 2 - Part 3 - Part 4 - @msuiche (Twitter)
In Short
DO NOT REBOOT your infected machines and TRY wanakiwi ASAP*!
*ASAP because prime numbers may be overwritten in memory after a while.
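Why the primes in memory matter, as an added illustration (not wanakiwi's or Comae's code): if one prime of the RSA key is still resident in the process's memory, it can be recognised because it divides the known public modulus, and the private key follows from it. The function names, the toy 16-byte primes, the little-endian layout and the constructed memory buffers are assumptions made for this sketch.

```python
# Added illustration, not wanakiwi source. Toy sizes; names are hypothetical.

def find_prime_in_memory(mem: bytes, modulus: int, prime_len: int):
    """Slide a prime_len-byte window over mem and return (offset, p, q) for
    the first window that is a non-trivial factor of modulus, else None."""
    for off in range(len(mem) - prime_len + 1):
        # Assumption: the prime is stored little-endian, as in CryptoAPI blobs.
        cand = int.from_bytes(mem[off:off + prime_len], "little")
        if cand < 3 or cand % 2 == 0:      # 0, 1 and even values are never an RSA prime
            continue
        if cand < modulus and modulus % cand == 0:
            return off, cand, modulus // cand
    return None                            # prime already overwritten: no recovery


def private_exponent(p: int, q: int, e: int = 65537) -> int:
    """Rebuild the RSA private exponent once one prime has been recovered."""
    return pow(e, -1, (p - 1) * (q - 1))


# Constructed sample data: two Mersenne primes stand in for the real key primes.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q                                  # public modulus, known to the defender
PRIME_LEN = 16
FILLER = bytes(range(256))

# Constructed "process memory": P still resident between unrelated bytes.
LIVE_DUMP = FILLER[:100] + P.to_bytes(PRIME_LEN, "little") + FILLER[:50]
# The same region after the prime's buffer has been reused (zeroed here).
STALE_DUMP = FILLER[:100] + bytes(PRIME_LEN) + FILLER[:50]

if __name__ == "__main__":
    print(find_prime_in_memory(LIVE_DUMP, N, PRIME_LEN))   # prime found at offset 100
    print(find_prime_in_memory(STALE_DUMP, N, PRIME_LEN))  # None
```

The second buffer is the situation a reboot or long uptime produces: once the prime's bytes are gone, the scan has nothing to find.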
Frequently Asked Questions
Here.
Usage
You just need to download the tool and run it on the infected machine. Default settings should work.
Usage:
wanakiwi.exe <PID>
- PID (Process Id) is an optional parameter. By default, wanakiwi automatically looks for wnry.exe or wcry.exe processes, so this parameter should not be required. If the main process has a different name, pass its PID as the input parameter.
Don't cry yet.
UPDATE: Actually, wanakiwi from Benjamin Delpy (@gentilkiwi) works for both Windows XP (x86 confirmed) and Windows 7 (x86 confirmed). This would imply it works for every version of Windows from XP to 7, including Windows 2003 (x86 confirmed), Vista, 2008 and 2008 R2. See the demos in the GIFs below.
Wannakey
Yesterday, Adrien Guinet published a …