Skip to main content

Fix for 'WannaCry' ransomware now available, but it's fairly limited

It's been a week since the massive WannaCry ransomware attack spread to hundreds of thousands of computers around the globe, but now there's a fix for at least some of those impacted. The catch? It only works on computers running Windows XP through Windows 7 who haven't rebooted their computers since the infection (via CNET).

Called WanaKiwi, the fix was put together by security researcher Benjamin Delpy and is available on Github. Once initiated, WanaKiwi searches through your computer's memory for the prime numbers used as a basis for the encryption. From there, WanaKiwi generates a decryption key using the prime numbers it retrieved, allowing you to recover your files. The method is based on an earlier tool called WannaKey, developed by researcher Adrien Guinet.

The downside of the WanaKiwi is that, since it depends on scouring your computer's memory, it can only work if you haven't rebooted since your machine was infected by WannaCry. Since memory is wiped upon reboot, the prime numbers WanaKiwi searches for are no longer retrievable.

WannaCry ransomware: Everything you need to know

The vast majority of PCs out there should already be protected against the exploit that WannaCry and its copycats rely on. However, businesses that haven't updated their machines with the fix Microsoft released in March were the most heavily impacted, and WanaKiwi represents a potentially easy fix going forward. And though the tool only works from Windows XP through 7, Windows 7 actually represented the overwhelming majority of PCs hit by the ransomware.

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

40 Comments
  • On the bright side, this might help MSFT reach 1 billion Win10 devices.
  • ;-)
  • Maybe it was Microsoft all a long.
  • Clearly Microsoft used people running pirated copies of XP and a few poorly managed enterprise clients to get all this publicity.
  • excuse me? Even 7 and 8 without updates.... and NO.. you neither I dont know the "truth". I suspected Microsoft from the begining. They can make a big profit from attacks like this.. but only if W10 wont be affected
  • Hilariously wrong.
  • I got some cheese 🧀 for that wine 🍷
  • Tinfoil hat alert
  • No kidding!! It's amazing anyone (14 conspiracy nuts & counting on my post) believe Microsoft had anything to do with this.
  • Hahaaha I read your joke and laughed cuz that's the first thing I said when I heard about this (jokingly) ...suddenly I read the comments below and realize that some people on these comment sections need to get out more =D
  • Getting out once may or may not help. That Jones guy will tell them the CIA start's tracking them if they leave the house.. :)
  • ..and I didn't see your post before I made my tin foil hate comment.
  • Tin foil hat time!
  • Nah, if anything it will wake people up, that those annoying updates can help block something.... This is if they are on 7 8 or 10 People disable them because they are a pain in the a$$...
  • Come on, what hogwash. Do you guys really think Microsoft would send FedEx Corp into turmoil. Such ludicrous comments should not be listed on this forum. Already sufficient information exists and is being investigated pointing to KIM JUNG UN'S North Korean regime. JC
  • That's bullsh*t.... Another fake evidence!
  • haha, of course its Kim... blame everything on him because he has rockets like Saddam had... wake up
  • lol...since you brought up Saddam and fake narratives, I was going to insert something about "having his yellow cake and eating it too"
  • Kim jung ? Lol
  • It's the hospitals fault for using a discontinued os to store sensitive information
  • It's the hospitals fault for using a discontinued os to store sensitive information AND allowing that OS to run email AND have Windows networking turned on AND allowing the PC to have internet access. If you really have to use an old OS - at least lock it down so only the old software runs on it.
  • >It's the hospitals fault for using a discontinued os to store sensitive information DO you acutally know what hospital software costs ? Do you even have a CLUE ?  I hate these posts from morons who just assume they know EVERYTHING. I hope that does you well in the rest of your life. A large hospital on Long Island NY,  as I do consulting (the sofware company)for them time to time. They had a main hospotial and 12 remote offices.  The software includes install, testing, compatabity with their processes (a 8 month process alone), 6 MONTHS of on site support techs (this is about 25 people on the main hostpitall and at least 1 on each remote). This allowed them to get off of older XP computers and get to Windows 7 (at the time) with updated hospital software. This software covers everything that their old terminal bases software did.  Trust me when I say it, older DOCTORS do not like change. The cost for this "SMALLER" hospital in the market was about $14.9 million dollars. Now you get a smaller hospital, that is state or goverment managed (like overseas where this hit), getting the funds to change software to update a OS (as the current software works fine). is something wont happen till the software cant run any more. This is why when you go into the hospital that aprin you need cost $200. Please get a f'n clue before spitting your mouth out. It's a lot more than most people think and a cost like that would bankrupt a lot of NEEDED hospitals.
  • They could have a internal network not connected to internet for older computer. Create a firewall kinda thing with internet only going to them with newer os. They can do this fairly cheap.
  • No need to be so cranky
  • Not being cranky, stating facts. People on this site all say ALL THE TIME  "it's so and so's FAULT for not updating" when most of them have a clue. 
  • Then lock it down. Because now this is costing them ALOT more than it would have to upgrade their system. This is a prime example of trying not to spend the money originally. To end up costing alot more in the long run. Windows XP was discontinued along time ago. Heck MS is ending support for certain CPU on Windows 7 now. The writing was on the wall years ago. But this is what happens when you cover that writing with public toilet paper.
  • But he's still right. And no, the software isn't why asprin costs $200. Anything that is old and can't receive security updates should not be connected to the internet. Doing so is knowingly exposing your computer to a significantly higher risk.
  • True. I still love and occasionally use XP - OFFLINE. Rebelling against Windows 10 (or being lazy) by putting everything on my network at risk by using a really old OS, outdated software, hardware, and so forth... no way in hell I'd do that.
  • For people outside the US when you go into the hospital that aspirin you need is completely free, as are all your treatments and hospital stay.
  • Sure, and that is why they are not updating their software.  No budgets. Free heathcare is not free.
  • Just reformat. People only use their pc for pictures nowadays. Majority backs up,and post them on facebook, social media.
  • Really, you do realise that hospitals and businesses can't do that don't you as it would cause a massive amount of disruption on top of the disruption caused by the initial infection. That might be alright if all you use your PC for at home is Pictures but not for businesses. People use their PCs for far more than Pictures and no, the majority DON'T have backups.
  • Now i understand, nobody codes for "free", whether the "good" guys, or the "bad guys"...
  • WanaKiwi? Lol sounds like someone trying to say, "Want a kiwi?"
  • Man I guess I was a lucky one who didn't get affected by the "Wannacry"
  • Cool, sent it to a ton of people in our company. We do use SOME UN-UPDATED (no choice because of the software it runs) XP and 7 devices.  If they were updated or patched, they would break the applications.
  • Yes I wannacry.
  • Dan, what about Athena / Hera spyware that affects winXP to win10? No article on that?
  • It's probably from their own personal computers in some cases with XP or 7 without fix updated but instead of Win 10 because there's not affecting yet...
  • So far the spyware that affects all windows systems as in windows 10 included, are required to be installed in the system in order to function. on the other hand wannacry, I believe its time to upgrade to windows 10 and move on people, stop being stupid then again some people just can't be helped.