Wcry is a free ransomware decryption tool for Windows XP

Costea Lestoc By: Costea Lestoc
2 minute read

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patented Technologies (requires upgrade).

A security researcher found a way to retrieve the encryption keys used by the WannaCrypt (AKA WannaCry) ransomware without paying the ransom of $300. This is big because WannaCry uses Microsoft’s built-in cryptographic tools to do what it needs to do. While Windows XP was not widely affected by the cyber-attack, the following technique may be applied in the case of other ransomware infections.

Wcry, now available on Windows XP

The tool is called Wcry and it plucks the key right out of the affected system’s memory. This solution is currently available for Windows XP and only when the PC in question hasn’t been rebooted or its memory overwritten.

Wcry was developed by Adrien Guinet, a French researcher, who posted the solution on GitHub for free.

How it works

According to Guinet, the software has only been tested under Windows XP and it runs perfectly. The note found next to the app also reads that “in order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!


For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patented Technologies (requires upgrade).

In Windows XP, there is a flaw which prevents the erasure of the keys from the memory and this flaw is lacking from newer operating systems. It is important that the prime numbers are still in the memory.

Guinet says that:

This software allows to recover the prime numbers of the RSA private key that are used by Wanacry. It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory.

As you can use the tool for more ransomware infections, it will prove to be very useful for providing tech support.

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patented Technologies (requires upgrade).

Discussions

Next up

Mozilla adds alerts about recently breached sites into Firefox browser

Giles Ensor avatar. By: Giles Ensor
3 minute read

Firefox has announced that it will start to warn users if they visit any breached sites. This is in an attempt to not only make […]

Continue Reading

More uncertainty for Microsoft’s Windows 10 October Update

Giles Ensor avatar. By: Giles Ensor
3 minute read

Oh dear. It’s been a pretty bad month for Microsoft concerning its Windows 10 October 1809 Update release. Microsoft eventually released the update a couple […]

Continue Reading

Confirmed: Microsoft now accepting ARM64 apps on its Store

Giles Ensor avatar. By: Giles Ensor
2 minute read

Yesterday, Microsoft released Visual Studio 15.9. With it came the announcement that “developers now have the officially supported SDK and tools for creating 64-bit ARM […]

Continue Reading