A free tool released by ESET ‘to help combat the recent ransomware, WannaCry (WannaCryptor).’
The press release goes on to say that:
ESET’s EternalBlue Vulnerability Checker can be used to determine whether your Windows machine is patched against EternalBlue, the exploit behind the WannaCry ransomware epidemic that is still being used to spread cryptocurrency mining software and other malware.
This obviously isn’t the only way to check, and it may not be the only tool of its kind out there – I haven’t been looking for such a tool. And clearly, checking for a specific vulnerability isn’t a substitute for a sound patching strategy, or for using security software that detects malware (including WannaCryptor) reasonably reliably. But while I haven’t tested it personally, I’d be very surprised (in view of my longstanding association with ESET) if this tool didn’t do what it says on the tin, so some people and organizations might well find this useful.
Wannacry in-memory key recovery for WinXP – Adrian Guinet warns:
“This software has only been tested and known to work under Windows XP. In order to work, your computer must not have been rebooted after being infected.
Please also note that you need some luck for this to work (see below), and so it might not work in every cases!”
However, wanakiwi claims to have tested it successfully with versions up to Windows 7, but points to some alternative information. WannaCry — Decrypting files with WanaKiwi + Demos
Dan Goodin for Ars Technica: Windows XP PCs infected by WCry can be decrypted without paying ransom – “Decryption tool is of limited value, because XP was unaffected by last week’s worm.”
John Leyden for The Register: There’s a ransom-free fix for WannaCrypt. Oh snap, you’ve rebooted your XP box – “Sooo… that’s not gonna work for you mate”
Unusually, Microsoft has provided a patch for systems that are no longer supported, but are vulnerable to the Microsoft Security Bulletin MS17-010 flaw exploited by WannaCryptor (a.k.a. WannaCrypt among other names). These include Windows XP, Windows 8, and Windows Server 2003. A patch for later operating systems (i.e. those versions of Windows still supported) was made available in March 2017.
If you didn’t take advantage of the patch for Windows 8.1 and later at the time, now would be a good time to do so. (A couple of days earlier would have been even better.)
If you’re running one of the unsupported Windows versions mentioned above (and yes, I appreciate that some people have to), I strongly recommend that you either upgrade or take advantage of the new patch.
Microsoft’s announcement is here: Customer Guidance for WannaCrypt attacks, with links to the update and further information. Detection of the threat has also been added to Windows Defender.
Kudos to Microsoft for going the extra mile…
Additional analysis and/or commentary by ESET – Huge ransomware outbreak disrupts IT systems worldwide, WannaCryptor to blame, Malwarebytes – The worm that spreads WanaCrypt0r, and Sophos: Wanna Decrypter 2.0 ransomware attack: what you need to know. Among other vendors, of course. [Added subsequently: Symantec – What you need to know about the WannaCry Ransomware]