The master decryption key for the original Petya ransomware has been released by Janus, the author of this ransomware. By releasing this decryption key, the Petya ransomware creator is allowing victims to recover their encrypted files without paying anything.
The Petya ransomware decryption key will help victims retrieve files encrypted by the Petya family. The family includes three variants, distinguished by the screen shown during system boot: the first version flashed a white skull on a white background; the second version, which came with the Mischa ransomware, flashed a green skull on a black background; and the final version, called GoldenEye, flashed a yellow skull on a black background. Victims of all three versions of the original Petya can retrieve their infected files using this master decryption key.
Don’t confuse Petya with NotPetya (also dubbed ExPetr or Eternal Petya): the two are different, so victims of the devastating NotPetya ransomware will not benefit from this master decryption key.
Anton Ivanov, the senior malware analyst of Kaspersky, has performed experiments using Janus’s key and confirmed that the Petya master key is authentic. It works for all Petya versions, including the recent GoldenEye.
An independent researcher and programmer, Hasherezade, has posted her findings on the Petya ransomware decryption key on Malwarebytes.
Hasherezade obtained the file linked in the tweet, which was encrypted and password protected. She guessed the password and decrypted the package with the aid of openssl. The output was as follows:
Here is our secp192k1 privkey:
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the "Personal Code" which is BASE58 encoded.
Security researchers are now working to develop decryption tools using this master key so that victims can retrieve their important data from Petya-infected hard drives.
Janus has not revealed the motive behind releasing this master key. Perhaps Janus wants to make clear to the victims of NotPetya that Janus is not responsible for this latest ransomware, which has impacted thousands of corporations in Ukraine and 64 more countries.
Let’s see how soon security researchers make the decryption tool available for download.