Short Bytes: The original Petya ransomware, which originated in 2016, can now be easily cracked open using its master decryption key. Its author, Janus Cybercrime Solutions, has released the key in the form of an encrypted file, which was cracked by Malwarebytes. Please note that this key doesn’t work on the recent Petya/NotPetya wiper malware, which lacks the ability to decrypt affected computers.
You may know that the recent Petya/NotPetya malware attack, carried out by a wiper disguised as ransomware, was preceded by the original Petya ransomware of 2016. Recently, the original Petya’s creator, Janus Cybercrime Solutions (a person or a group), came out of the shadows and announced that he isn’t the mastermind behind the new Petya malware attack.
Now, Janus has gone ahead and released the master decryption key for all ransomware of the older Petya family, including GoldenEye, which was the last Petya version released by Janus. Please note that this key doesn’t work on the most recent NotPetya malware, which lacks the ability to decrypt affected systems.
Janus has shared the master key on Twitter to let the affected people decrypt their files for free.
"They're right in front of you and can open very large doors" https://t.co/kuCUMZ5ZWP @hasherezade @MalwareTechBlog ;)
— JANUS (@JanusSecretary) July 5, 2017
However, the linked file was encrypted and password protected. A security researcher at Malwarebytes guessed the password and decrypted the package with openssl. Here is the content of the file, i.e., the original Petya ransomware master key, in plain text:
Here is our secp192k1 privkey:
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal Code” which is BASE58 encoded.
While some previous versions of Petya were cracked, this key reveal might help affected people who have preserved the encrypted disks in the hope of getting their files back.
Just in case you’re wondering why Janus is trying to get back in the limelight, this could be due to all the hype surrounding the new Petya/NotPetya wiper. It is possible that Janus doesn’t want to be associated with the new variant and is trying to make amends by releasing the key for older versions.