Decrypt Wannacry ransomware in 2 Seconds With this Code
Ransomware WannaCry
Decryption Code
The WannaCry ransomware attack (the largest in history) hit over 200,000 computers across the world.
If you are affected by it, here is the code to decrypt WannaCry ransomware:
WNCRY@2OL7
Some more useful information:
• Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
• Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue (MS17-010) to propagate.
• Ransom: between $300 and $600. There is code to ‘rm’ (delete) files in the virus. Seems to reset if the virus crashes.
• Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
• Kill switch: If the website is up, the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
The binary blob in the PE is encrypted with the password ‘WNcry@2ol7’.
Cryptography details:
• Each infection generates a new RSA-2048 keypair.
• The public key is exported as a blob and saved to 00000000.pky
• The private key is encrypted with the ransomware public key and saved as 00000000.eky
• Each file is encrypted using AES-128-CBC, with a unique AES key per file.
• Each AES key is generated with CryptGenRandom.
• The AES key is encrypted using the infection-specific RSA keypair.
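For incident triage, the per-infection key files named in the list above can be located on disk and the `.pky` checked for a well-formed RSA-2048 public key blob. This is an added example, not code from the original post; it assumes the exported blob uses the standard Windows CryptoAPI PUBLICKEYBLOB layout, the function names are introduced here, and the sample blob is constructed with a random modulus.

```python
import os
import struct

PUBLICKEYBLOB = 0x06          # bType of a CryptoAPI public key blob
RSA1_MAGIC = 0x31415352       # b"RSA1" read as a little-endian DWORD
KEY_FILES = ("00000000.pky", "00000000.eky")  # file names given in the list above


def parse_public_key_blob(data):
    """Parse BLOBHEADER + RSAPUBKEY + modulus; raise ValueError if malformed."""
    if len(data) < 20:
        raise ValueError("too short for BLOBHEADER + RSAPUBKEY")
    b_type, b_version, _reserved, alg_id = struct.unpack_from("<BBHI", data, 0)
    magic, bitlen, pubexp = struct.unpack_from("<III", data, 8)
    if b_type != PUBLICKEYBLOB or magic != RSA1_MAGIC:
        raise ValueError("not an RSA PUBLICKEYBLOB")
    modulus = data[20:]
    if bitlen == 0 or bitlen % 8 or len(modulus) != bitlen // 8:
        raise ValueError("modulus length does not match bitlen")
    return {"version": b_version, "alg_id": alg_id, "bits": bitlen,
            "exponent": pubexp, "modulus": int.from_bytes(modulus, "little")}


def triage(root):
    """Walk root and report directories holding the per-infection key files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        present = [name for name in KEY_FILES if name in files]
        if not present:
            continue
        entry = {"dir": dirpath, "files": present, "rsa_bits": None}
        if "00000000.pky" in present:
            with open(os.path.join(dirpath, "00000000.pky"), "rb") as fh:
                try:
                    entry["rsa_bits"] = parse_public_key_blob(fh.read())["bits"]
                except ValueError:
                    pass  # name matches but content is not a key blob
        findings.append(entry)
    return findings


def make_sample_blob(bits=2048):
    """Constructed sample: a well-formed blob with a random (non-key) modulus."""
    header = struct.pack("<BBHI", PUBLICKEYBLOB, 0x02, 0, 0x0000A400)  # CALG_RSA_KEYX
    return header + struct.pack("<III", RSA1_MAGIC, bits, 65537) + os.urandom(bits // 8)


if __name__ == "__main__":
    print(parse_public_key_blob(make_sample_blob())["bits"])
```

A directory that holds both files and a blob reporting 2048 bits matches the key layout described in the list; preserve those files as evidence rather than deleting them during cleanup.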
If you need help fixing your computer or with decryption, just mail me and I will help you fix it. Do share this to help your friends and family.