WannaCry Ransomware Decryption Tool

Decryption Tool Released For WannaCry Ransomware; Unlock Files Without Paying Ransom

The WannaCry ransomware has infected thousands of computer systems around the world. Less than a week after the WannaCry ransomware rapidly spread across the world, a French security researcher released a tool on Thursday that gives Windows XP users a chance to decrypt and save their files from oblivion.

The tool has been created by Adrien Guinet, a French researcher from Quarkslab. He has posted the source code and the tool on GitHub to enable the victims to take advantage of its benefits.

Here’s what the developer of Wannakey had to say about his tool on the GitHub page:

This software has only been tested and known to work under Windows XP. In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every cases!”

UPDATE: Forget the above statement, this has been successfully tested with wanakiwi up to Windows 7.

Good news is that another security researcher, Benjamin Delpy, developed an easy-to-use tool called “WanaKiwi,” based on Guinet’s finding, which simplifies the whole process of the WannaCry-infected file decryption.

All victims have to do is download WanaKiwi tool from Github and run it on their affected Windows computer using the command line (cmd).


  1. Download wanakiwi here
  2. wanakiwi.exe needs to be in the same folder as your .pky file when you launch it
  3. Cross fingers that your prime numbers haven’t been overwritten from the process address space.

WanaKiwi works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008, confirmed Matt Suiche from security firm Comae Technologies, who has also provided some demonstrations showing how to use WanaKiwi to decrypt your files.

However, this method comes with some limitations and will work only if:

  • The affected computer has not been rebooted after being infected.
  • The associated memory has not been allocated and erased by some other process.

Also Read: Google Play Protect Will Keep the Android Device Secure from all Threats

For the latest tech news and reviews, follow TechInfected on Facebook, Twitter, and subscribe to our YouTube channel.

Facebook Comments