On April 9, the author of the "WannaRen" ransomware actively contacted Huorong, a Chinese network security provider, and provided decryption keys for his virus.
After analysis by Huorong engineers, the key is verified to be valid. If you unfortunately get the virus, you can check the key at the end of the article.
(The text "Huorong Studio****@huorong.ltd" is the user's private mailbox)
This morning, a Huorong user tried to contact the author of the "WannaRen" ransomware via email for more information on the grounds of decryption.
After the Huorong user was asked to pay bitcoin as a ransom and was refused, he actively provided the virus decryption key and asked the Huorong user to forward the key to the Huorong team to create a "corresponding decryption program."
As can be seen from the above email, after the virus author communicates in English, he also uses Chinese for communication. In addition, Huorong previously disclosed that the virus was written in easy language. The author is very likely to be Chinese.
At this point, as the event fermented, various media and security vendors conducted a large number of exposure and traceability investigations. Up to now, the Bitcoin wallet provided by the virus author has not received any ransom, and the author has stopped issuing and disseminating "WannaRen "Ransomware virus.
Attached 1. WannaRen ransomware decryption key
----- BEGIN RSA PRIVATE KEY -----
MIIEowIBAAKCAQEAxTC / Igjuybr1QbQ1RmD9YxpzVnJKIkgvYpBrBzhsczHQ8WeC
7ikmC5jTbum1eCxTFTxvtnONEy2qDbnSS5fbK / lxYExj6aDLKzQxXCOVSdSQCesW
g1i5AAdUC9S246sdS9VKxT0QL24I + SG + ixckBhcB + ww6z47ACegoH0aLDwvRvehZ
Ycc1qFr1lhRXQpHunrlg4WRphH5xBbszOI + dFRDOpprnbN56CHoLb0q1SzzV3ZFA
FF6Df68Pux1wMHwEXbULRHo5AIZJPJq8L9ThWVsj6v42jAjJQ8m8bRh0 + Jz4Rohk
WwPgL + VFxDG2AiiCU5 / yLNoQX0JM9VWBxy6Z3QIDAQABAoIBADi / KoH06CMNtn7O
CXbTepgGiKKcCVGMTHak8OgHCM6ty19tVnSLSvOTa2VDxIFs4AwAdHWhEzwtq / 5 /
N1GhxeUFx + balPYq28z3HC1T4CZ7EWiJStVJtxOXCEzPTkJ + f9PO8dGJHRtJIzPu
zhLg + fD2tg81GceZYRJ4yPMXLfWKA5DmGkRv / 1Usq5zvMClLdrmw / q2rnCbRLdeE
EAzSAi9kqsnEaZKfCbXb / gby + bUwAgn7mxs + CJ611hzD / r2w9dgXkaUJYuKRRv + B
GlQHBRQ7hXogkIzeaGqmw8M3xko7xzADsytFYxt2Kthuww2YV4E6Q1Hl4bBW0q + g
w + jSolECgYEA0Tnns + LaqMd5KCQiyWlCodQ2DtOMOefhIrJbRhdAkAq6FtVICxkL
nIJL0gmo4T / zDaMr8vsn7Ck + wLjXUsYt1 / EulLtVnuH76FU0PkjJqBdre5Gjf23 /
YGHW7DJEoH3p / 7DIgV4 + wXPu6dD + 8eECqwm1hLACOxkfZnOFZ1VGxeMCgYEA8UYH
jaA69ILlz0TzDzoRdTmam6RDqjsVO / bwaSChGphV0dicKue25iUUDj87a1yLU5Nq
t0Kt0w1FL / iile1Eu4fe4ryukPGw2jAZh / xq7i2RRSFLXim5an9AbBVQ55478AJa
sTaIOSoODgBspsBLShnXQRKEfwYPv2GthhcJLT8CgYAssRDERQ3uBYXkxCtGGJzq
Enllm1yVtelKTwzeIPNikVgErpRQAo6PZOmrOPMBAnb5j8RAh9OUR48m / ZTJEpoS
SWtoy8dTQ / RaQXECaOviYvZLk + V3v9hQDzYoh + hO2 / aS7oE12RrQmeILwd / jbOvz
+ wPyDuK7GvexG7YAR5 / xfwKBgQCA8p6C0MnxeCv + dKk60BwYfKrm2AnZ5y3YGIgw
h2HS5uum9Y + xVpnnspVfb + f / 3zwPdNAqFZb1HziFBOtQGbkMSPeUUqcxjBqq4d4j
UYKMvQnQ2pR / ROl1w4DYwyO0RlteUMPLxotTkehlD1ECZe9XMSxb + NubT9AGxtuI
uLMM3QKBgGl0mYCgCVHi4KJeBIgabGqbS2PuRr1uogAI7O2b / HQh5NAIaNEqJfUa
aTKS5WzQ6lJwhRLpA6Un38RDWHUGVnEmm8 / vF50f74igTMgSddjPwpWEf3NPdu0Z
UIfJd1hd77BYLviBVYft1diwIK3ypPLzhRhsBSp7RL2L6w0 / Y9rf
----- END RSA PRIVATE KEY -----