How to Recover files from WannaCry ransomware? (And everything you wants to know)

What is ransomware? How to protect your system from Wannacry ransomware, and how to recover your encrypted files if you are recent victims. Get to know all of these Step by step.
How to recover files from ransomware? : Intelligent computing

Welcome back to intelligent computing, few days back world face largest attack from a ransomware named WannaCry which infected more than half a million computers across more than 150 countries.
Targeted system being healthcare, logistic services specially. Lets take brief overview of this whole game of WannaCry ransomware and get to the solution fast.
First thing first

What is a ransomware virus?

What is a Ransomware? : Intelligent computing

Just like malware, adware, its another type of malicious file/programme written which basically encrypt or make your data inaccessible by various mean and ask for some sort of ransom to unlock or provide access back to you.
These kind of hacker ask ransom in form of Bitcoin which is known as crypto currency for making secret transaction without any traces.

How WannaCry Ransomware started?

NSA discovered some sort of backdoor in Windows XP and other OS of Microsoft, which they had in record and they might use it for some sort of spying on specific people when needed. But some hacker managed to steal those ways and information of backdoor and they in turn created this ransomware to make monies.


How WannaCry Ransomware infect your PC?

More than half a million PC across 150+ countries got infected from Ransomware wannacry : Intelligent computing

WannaCry executable file gets downloaded from email attachment or simply on milicious website that automatically download and execute these on your PC. Another way is network computers, if anyone in your network is infected by this virus, your system is potential target for these ransomware specially .


How to protect yourself from WannaCry?

You can opt for following ways to stay safe from these virus. These are
  1. If possible, stop using windows OS. Yes, you can avoid any chances of any sort of infection forever. Go for Free and powerful linux os and they are a lot user friendly and customizable to the way you want it.
  2. If using windows XP, immediately upgrade your system as well as OS to go to at least windows 7 for now if not windows 8.1 or Windows 10. You should know that Windows XP was discontinued to be supported by microsoft in 2014. This mean, there won’t be any fixes or patches will be provided by Microsoft for this OS, which leads to evolution of this virus. There are lots of softwares which are not out of reach of windows XP and is no longer safe to use.
  3. Update your Windows 7, Windows 8, and All your windows. Microsoft has recently provided patch for this virus in March 2017 windows update. So if you haven't updated yet, please go to Windows update section and up to date all fixes on your OS now.
  4. Stay isolated, in case of any system on your network is infected by these sort of ransomware, immediately disconnect your computer and make it isolate from network by turning off wifi/bluetooth/and disconnecting andy LAN cables ASAP.
  5. If you want to use internet in such case, use USB dongle instead of shared network to stay safe and keep other safe from these.
  6. Keep backups: Your documents/mails/photos can have safe backup on Google drive/Dropbox/oneDrive and so many free cloud services where you can keep all your important files and also keep it safe in external hard drive or other PCs to avaoid any kind of risk of data loss.
    1. Google Drive 15 GB
    2. OneDrive 05 GB
    3. Dropbox 2-10GB
    4. Google photos Unlimited
      Seems like we can freely save 20-30 GB of our important documents and files on cloud and all your movies/songs collection can goes into your external drive.
  7. Stay safe with email attachment. Do not open any email attachment and if you are using Local mail client, configure it not to download attachment automatically or allow only certain file type to be download automatically, not all.

Now most important

How can we recover files from ransomware WannaCry?

First of all, this should be done ASAP after infection is first discovered in system. Chances are you might loose your file permanently if you make even a small mistake and 20% chances are on your luck as well.

First steps

*DO NOT REBOOT* Your infected computer at all.
Disconnect all network links immediately, turn off radio(Wifi/Bluetooth) and disconnect LAN cable connected to your system. Make it offline and isolated ASAP.

Using some USB dongle, or on other system, Download Wanakiwi as per your OS. Its available for windows XP Windows 7 and Windows server as well.

Using USB, put this file on desktop of infected computer if downloaded on some other PC else just save this file on desktop.

How this works?

Wanakiwi basically utilise a flaw in wannaCry itself. Even if we don’t have key for the decryption of files, WannaCry still stores some string of prime numbers which can be used to decrypt files on your infected system.

Problem with this approach is that, this prime number gets stored in volatile storage of your system which might be overwritten or loss if you keep using your system or reboot or sleep your computer.

As soon as you run wanakiwi.exe from your command line by visiting the directory it is placed in, it will automatically start looking for the key.
While it will take some time, it will decrypt all your file if it is succeed in discovering those prime number keys.

See Animation below to follow step by step how you can recover your files.







What next?

WanaKiwi is been tested and works fine in Windows server, windows XP and windows 7 confirmed.
This process rely on discovery of prime numbers from the memories if it is not overwritten by other memories or reused by other process.
That is why it is advisable not to reboot your pc or use your pc which might cause in erase of those number, in such case you’ll lose access to your files.

Bottom line

WanaKiwi is based on a security loophole of this ransomware virus, this won’t work if your PC is been infected for days or been shut down.
In short, spreading this information and having this information on or before attach is most useful for anyone, that is why i am suggesting you to please share this post as much as possible on your friends social media and let them know and stay alert and at least let them know what to do and what not immediately after the attack 
Dheeraj Thedijje

Dheeraj Thedijje

Powered by Blogger.