Insidious Petya ransomware defeated, decryption tools released

Malware keeps getting nastier all the time, and ransomware in particular seems to be running rampant right now. The good news is that the good guys continue to fight back. This week, they scored a major victory against a particularly nasty strain of ransomware called Petya.

Most ransomware we’ve seen so far has been content to rifle through the contents of your hard drive and encrypt anything it thinks you might care about — documents, photos, and even game saves in some cases. Petya takes things a step further, borrowing a trick from the early days of malware.

Not only does Petya encrypt your files, but it also scrambles the master boot record on your drives. That’s seriously bad news for Petya’s victims, because it renders everything on their drives completely inaccessible. At least, it did.

Things changed this week when some incredibly handy software was released. A fellow going by the name Leostone released a web-based tool that is capable of figuring out what your Petya encryption key is. It requires a few steps, but as long as you follow the directions this tool really will help you decrypt your files.

It requires a bit of help, though, and that’s where a second piece of software comes into play. Emsisoft’s Fabian Wosar figured out a way to pull some important information off of Petya-infected drives. He calls his tool, appropriately enough, Petya Sector Extractor. Pop your drive in an external dock, hook it up to a clean computer, and run it.

Paste the information Wosar’s tool pulls from your encrypted drive into Leostone’s web app, and you’ll have a working key within a few minutes. Hook the drive back up to the system you pulled it out of, boot it up, and punch in your key.

Numerous reports on Bleeping Computer indicate that this one-two punch is doing the trick, and that’s great news for anyone who still hasn’t implemented a rock-solid backup routine.
