WannaCry Ransomware Decryptor Instructions. Restore Your PC and Files

WannaCry Ransomsware Decryptor infographic image

Victims of the dangerous WannaCry ransomware can attempt to recover their files by using a freely available decryptor created by the security community. The utility is designed to restore WannaCry ransomware files and data on some versions of the Microsoft Windows operating system.

WannaCry Ransomware Decryptor Overview

Computer users affected by the WannaCry ransomware can try to recover the affected files by using a ready-made decryptor. The utility has been created by security community that investigated the WannaCry virus soon after the large-scale attack campaign started to infect targets across the world. Its effective only in cases where it is run after the infection has been complete as it relies on a memory issue that is present in the majority of the malware samples. The decryptor is able to crack the code using mathematical functions with prime numbers that can decrypt the cipher. It works by analyzing the process memory of the main virus module which is responsible for creating the public and private key pairs. If the computer is rebooted or shutdown the decryptor will not work as the memory state is lost during a power event.

The WannaCry decryptor is an updated version of an earlier version that works only on Microsoft Windows XP. The revised program works for all versions up to Windows 7 (Windows XP, 2003, Vista and Windows 7). The original encrypted files (with the .WNCRY extension) remain unchanged. All decrypted are created separately, this means that there should be enough disk space on the computer to accommodate the data.

WannaCry Ransomware Decryptor Recovery Instructions

It’s very easy to use start the decryption process by reading our guide. Victims can attempt to restore their computers and recover their data by following three simple steps:

  1. Download The DecryptorClick here to download the decryptor utility from our site. When this is done unzip the archive in a new folder.
  2. Start The Decryptor – In most cases double clicking on the application should automatically start the decryption process. By default the decryptor is configured to target the most common sample configurations used by the hackers in the large-scale attack campaigns. In case this fails the users can specify the WannaCry ransomware PID by opening the task manager and looking for the process. To open it right click on the task bar and choose “Task Manager”. If the application opens in the minimal view click on “More details” and navigate to the “Details tab”.

    Task Manager PID search image
    Once it is acquired hold the shift key and right click on the folder containing the decryptor and choose the “Open command window here” option. This is done by typing wanawiki.exe and the WannaCry ransomware PID .
    Command prompt window image

  3. It is recommended that all files decrypted files are immediately copied to a backup device before the computer is shut down or rebooted, including the generated decryption key saved as a 00000000.dky file.

Refer To Our WannaCry Ransomware Removal Guides

To learn all about the menace refer to our in-depth WannaCry ransomware removal guide. It gives detailed technical information about its behavior.

We explain how users can use an easy to use and powerful anti-malware solution to remove all traces of the WannaCry ransomware, as well as alternative manual removal instructions.

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *