Researcher Creates Decryption Tool for Petya Ransomware Affected PCs
A researcher known on the Internet as Leo Stone has released a tool that lets victims of the Petya ransomware generate, free of charge, a key to decrypt their encrypted hard drive.
Using the tool, victims can get their data back without paying 0.99 bitcoin or more. The tool is called ‘hack-petya’. It is available on GitHub and through a dedicated site. Stone reports on GitHub that he developed the tool because his father-in-law was affected by the ransomware. He does not elaborate on how it works, mentioning only that it uses a genetic algorithm.
To generate the key, the victim has to read certain sectors of the hard drive and extract a 512-byte authentication sector and an 8-byte nonce from them. Since this is difficult for the average user, an Emsisoft researcher named Fabian Wosar has developed another tool called ‘Petya Sector Extractor’.
With this tool it is easy to read an affected hard drive once it has been connected to a working computer, the site Bleeping Computer reports. The tool can also be downloaded from this site. Entering the data generated by this tool on Stone's site then yields a valid key within ten to thirty seconds. Several users indicate that the hard disk is indeed decrypted.
The Petya ransomware operates primarily in Germany and is distributed through emails sent to corporate HR departments. The emails contain a link to a malicious Dropbox file disguised as a portfolio. If the user opens the file, the computer restarts and a chkdsk process appears to run. In reality, the ransomware encrypts the system in the background, after which it can no longer be started.
The screen that Petya victims see