
WannaCry one-click decryption and repair tool

Last Updated: Nov 04, 2019

WannaCry ransomware

WannaCry, also known as Wanna Decryptor, is a worm-like ransomware. It has spread worldwide, infecting 300,000 computers in at least 150 countries, with total damages of $8 billion.

WannaCry proactively propagates through the vulnerabilities of port 445 in Windows operating systems and can replicate itself. It encrypts almost all types of files on the infected computers, including photos, images, documents, audio, and videos, and renames them by appending the “.WNCRY” file extension. The WannaCry ransomware also leaves a plaintext ransom note asking the victim to pay bitcoins.

Decryption method

After analysis and research, the Alibaba Cloud security team discovered a decryption method and released the one-click decryption and repair tool against WannaCry.

Tests prove that this tool can restore files that have been encrypted by the WannaCry ransomware. The following describes how to download and use the free decryption tool to remove the virus from your computer.

Note: Currently, the tool supports only Chinese.

Prerequisites

  • Your operating system has not been restarted after being infected with WannaCry.

  • You are using ECS instances or local servers running on Windows Server 2003 and Windows Server 2008.
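
The following read-only PowerShell script is an added example, not part of the Alibaba Cloud tool or this document's original content. It checks the first prerequisite by comparing the last boot time with the timestamps of files that carry the .WNCRY extension. The `$Roots` parameter and the use of the oldest `LastWriteTime` as an approximation of when encryption began are assumptions of this example.

```powershell
# Added example: read-only triage for the prerequisites above. It changes nothing on disk.
param(
    [string[]]$Roots = @("C:\")   # assumption: folders or drives to scan
)

# Last boot time from WMI (Get-WmiObject works on PowerShell 2.0 and later).
$os   = Get-WmiObject -Class Win32_OperatingSystem
$boot = [System.Management.ManagementDateTimeConverter]::ToDateTime($os.LastBootUpTime)

# Collect files that carry the .WNCRY extension appended by WannaCry.
$hits = @()
foreach ($root in $Roots) {
    $hits += @(Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq ".WNCRY" })
}

if ($hits.Count -eq 0) {
    Write-Output ("No .WNCRY files found under: " + ($Roots -join ", "))
    return
}

# Assumption: the oldest LastWriteTime among .WNCRY files approximates the start of encryption.
$sorted = $hits | Sort-Object LastWriteTime
$first  = ($sorted | Select-Object -First 1).LastWriteTime
$last   = ($sorted | Select-Object -Last 1).LastWriteTime

$report = New-Object PSObject -Property @{
    EncryptedFiles = $hits.Count
    FirstEncrypted = $first
    LastEncrypted  = $last
    LastBoot       = $boot
    RebootedSince  = ($boot -gt $first)
}
$report | Format-List EncryptedFiles, FirstEncrypted, LastEncrypted, LastBoot, RebootedSince

# Folders with the most encrypted files, to show the scope of the damage.
$hits | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

if ($report.RebootedSince) {
    Write-Output "The system booted after the first file was encrypted; the restart prerequisite is not met."
} else {
    Write-Output "No restart since the first encrypted file; the restart prerequisite is met."
}
```
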

Procedure

  1. Download the WannaCry decryption tool to the infected Windows server or PC.

  2. Double-click Wanna-CryDecryt-Tool.exe to run the decryption tool.

  3. Click Restore Files.
    Please wait while the program is running. This step may take several minutes.

  4. Click Clear Virus.
    Please wait while the program is running. This step may take several minutes.

Note

  • Encrypted files can be successfully restored in most cases. Data may fail to be restored because the encrypted data in the memory has been overwritten. File decryption and repair failures do not affect the running of the operating system.

  • We recommend that you use this decryption tool immediately after infection to recover data first, rather than turning off your computer, restarting your operating system, or manually killing the virus.

  • This decryption tool is developed based on the encryption method of the WannaCry ransomware. It is applicable to all Windows operating systems.