DontCry – The WannaCryptor 2.0 Decryption and Removal Tool

This utility allows machines infected by the WannaCry ransomware to recover their files.
DontCry is based on wanakiwi, which makes it possible for lucky users to:

  • Recover the private user key from memory and save it as `00000000.dky`
  • Decrypt all of their files

The prime extraction method is based on Adrien Guinet’s wannakey, which consists of scanning the WannaCry process memory to recover the prime numbers that were not wiped from memory during CryptReleaseContext().
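The scan described above, reduced to its core as an added example (not code from wanakiwi, wannakey or DontCry; all function names are hypothetical). It assumes the RSA modulus is already known from the victim's public key, that the primes sit in memory as little-endian integers, and that the public exponent is 65537; small constructed primes and a constructed buffer stand in for a real key and a real process dump.

```python
# Added illustration; not wanakiwi/wannakey/DontCry code. All names are hypothetical.

def find_prime_factor(memory: bytes, modulus: int, prime_len: int):
    """Slide a prime_len-byte window over a memory image and return
    (offset, p) for the first window whose value divides the modulus."""
    for off in range(len(memory) - prime_len + 1):
        window = memory[off:off + prime_len]
        # Cheap filters before the big-integer division: an RSA prime is odd
        # (low byte first, assumed little-endian) and fills its full width.
        if not (window[0] & 1) or window[-1] == 0:
            continue
        cand = int.from_bytes(window, "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None  # prime already overwritten, or process memory lost

def rebuild_private_key(p: int, modulus: int, e: int = 65537):
    """One recovered prime is enough: derive q and the private exponent d.
    e = 65537 is an assumption (the common default public exponent)."""
    q = modulus // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return q, d

# Constructed sample data: two small known primes stand in for the 1024-bit
# primes of an RSA-2048 key, and a hand-built buffer stands in for a dump.
P = 2**61 - 1
Q = 2**64 - 59
N = P * Q
PRIME_LEN = 8
DUMP = bytes(40) + b"\xde\xad\xbe\xef" * 3 + P.to_bytes(PRIME_LEN, "little") + bytes(20)
WIPED = bytes(len(DUMP))  # the same region after the memory has been reused

def demo():
    hit = find_prime_factor(DUMP, N, PRIME_LEN)
    if hit is None:
        return None
    offset, p = hit
    q, d = rebuild_private_key(p, N)
    return offset, p, q, d

if __name__ == "__main__":
    print(demo())                                   # prime found at offset 52
    print(find_prime_factor(WIPED, N, PRIME_LEN))   # None: nothing left to recover
```

The `WIPED` case is the failure mode the limitations below describe: once the region holding the prime has been reused or the process is gone, no window divides the modulus and the key cannot be rebuilt this way.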

Limitations of wanakiwi

Because this method relies on scanning the address space of the process that generated those keys, the original process memory will be lost if that process has been killed, for instance by a reboot. It is very important for users *NOT* to reboot their system before trying this tool.
Secondly, for the same reason, we do not know how long the prime numbers will be kept in the address space before that memory is reused by the process. This is why it is important to try this utility ASAP.

This is not a perfect tool, but so far it has been the best solution for victims who had no backup.


Windows XP, Windows 7 and Windows 2003

With BIG thanks and love to:
@msuiche, @halsten, @malwareunicorn, @adriengnt, @dsahoo90, @th3snehasish, Niladri Bihari Mohanty

Download DontCry Tool from our GitHub Page.

We are coming up with the walkthrough very shortly.

Written by Snehasish Nayak

Google Top Contributor (Allo, Duo), a Local Guide, and Founder of TechIncludes. Follow me on twitter @Th3Snehasish.