According to
The Hacker News, Adrien Guinet, a security researcher for Quarkslab, has been able to make use of a flaw in the way WannaCry operates, thus allowing him to create a decryptor. In essence, the ransomware generates a pair of keys on the victim's computer - a public and private key for encryption / decryption - which rely on prime numbers. Although WannaCry erases the keys from the system, thus forcing the victim to pay $300 to the cybercriminals, there's a catch. Guinet says that the malware "does not erase the prime numbers from memory before freeing the associated memory." Using this information,
Guinet created WannaKey, which attempts to retrieve the prime numbers. It only works on Windows XP, and to work, needs two conditions to be met: the computer mustn't have been restarted post-infection, and the associated memory mustn't have been erased or allocated by some other processes. Even if your situation ticks all the required boxes, his solution "might not work in every case!", according to the researcher.
Luckily, building on Guinet's find, researcher Benjamin Delpy has created
WanaKiwi. This decryptor works in the same fashion as WannaKey, but is compatible with Windows XP, Vista, 7, Server 2003, and Server 2008, and needs to be run via the command line. Matt Suiche of Comae Technologies has offered
a few examples of how to manually decrypt your WannaCry-affected files using WanaKiwi.