Original Petya Ransomware Decryption Key Released

Image via Matlab Guru

Image via Matlab Guru

The master key to the original version of the Petya ransomware – not to be confused with the latest and massive Petya outbreak that swept through the Ukraine and parts of Europe last month – has been released, allowing all the victims of previous Petya attacks to unscramble their encrypted files.

According to researchers, the author of the original Petya ransomware, which goes by the pseudonym Janus, made the key available on Wednesday.

Further analysis of the master key by Kaspersky Lab research analyst Anton Ivanov confirmed the key unlocks Petya ransomware and early versions the GoldenEye ransomware.

GoldenEye ransomware was first created by Petya author Janus in 2016. It was the fourth version based on the Petya code. This year, the compiled application was stolen and modified by another threat actor.

That latest version of the malware, based on pirated GoldenEye code, was believed used in last month’s wiper outbreak that originated in the Ukraine. Unlike previous versions, this version lacked the ability to decrypt effected systems and was considered wiper malware. It goes by various names such as Not Petya, ExPetr, Eternal Petya, and sometimes GoldenEye.

Petya is crypto-malware that is known for targeting a victim’s Master Boot Record instead of files stored on the computer, network shares or backups that the computer may have access to. The ransomware has demanded around $400 in Bitcoin for the decryption key.

Petya’s author subsequently updated the ransomware preventing those earlier decryption tools from working.

With this new decryption out there, hopefully people affected will be able to get their data back.

(Story via Threat Post)