
Released! Decryption Keys to Original Petya Ransomware

supimol kumying | Shutterstock.com


On Wednesday, the author of Petya released the master key that will allow victims to retrieve their encrypted files.

To clarify the matter, Petya is not 'NotPetya', the ransomware that recently caused havoc in Ukraine and other parts of Europe. NotPetya, also known as ExPetr and Eternal Petya, targeted hundreds of companies and organizations, even forcing some to stop their operations.

Red Petya | Wikipedia.org

Petya is crypto-malware that targets the Master Boot Record instead of stored files or network shares that the computer has access to. This ransomware has three variants that affected many systems across the globe: Red Petya, Green Petya, and GoldenEye Petya.

In March 2016, the author of Petya, who goes by the pseudonym 'Janus,' sold the ransomware as Ransomware-as-a-Service (RaaS) to other hackers. It was said that Janus gets a cut of every ransom received by the hackers.


Janus published the master key to the Petya ransomware through Twitter and said that it can decrypt all files that have been locked by earlier versions of Petya. Anyone can download the decryption key by following the link Janus attached to his tweet.

However, a victim must have a Petya decryptor tool to be able to use the key.

Hasherezade, a Malwarebytes researcher, confirmed the authenticity of the master key. On Thursday she posted her findings. The researcher said:

“Similarly to the authors of TeslaCrypt, (Janus) released his private key, allowing all the victims of the previous Petya attacks, to get their files back.”

Kaspersky Lab analyst Anton Ivanov also confirmed through his Twitter account that the key released by Janus could unlock Petya ransomware.

According to Janus, Petya has been modified by another threat actor to create NotPetya. However, a team of respected researchers called the grugq believe that NotPetya is not malware, somewhat contrary to what we recently reported. According to the team, NotPetya was not designed to make money. Rather, it was designed to spread fast and cause damage. Grugq tagged NotPetya as a “wiper malware.”

Currently, researchers are still unable to find a solution to the NotPetya malware. However, they are using the Petya master key published by Janus to build free decryptors for victims who still have crypto-locked hard drives.

Will releasing the master decryption key for Petya ransomware be a great opportunity for researchers to find a solution to NotPetya malware? Or, is this just another ploy to divert the attention of security experts?


Chelle Fuertes

Chelle is the Product Management Lead at INK. She's an experienced SEO professional as well as UX researcher and designer. She enjoys traveling and spending time anywhere near the sea with her family and friends.
