The master key of the original Petya ransomware has been released by its creator, allowing infected Petya victims to recover their encrypted files without having to pay any ransom money.
But wait, it's Petya, not NotPetya.
Do not confuse the Petya ransomware with the latest destructive NotPetya ransomware (also known as ExPetr and Eternal Petya) attacks that wreaked havoc around the world last month, targeting numerous entities in Ukraine and parts of Europe.
Petya ransomware has three variants that have infected many systems around the world, but now the original malware author, known by the pseudonym Janus, made the master key available on Wednesday.
According to security researchers, victims infected with previous variants of Petya ransomware, including Red Petya (first version) and Green Petya (second version), as well as earlier versions of the GoldenEye ransomware, can recover their encrypted files using the master key.
The authenticity of the master key has been verified by an independent Polish security researcher known as Hasherezade.
“Similarly to the authors of TeslaCrypt, he has released his private key, allowing all victims of previous Petya ransomware attacks to recover their own files,” wrote Hasherezade on Malwarebytes on Thursday.
“With the master key released today, all people who have preserved the encrypted disk images from their versions of Petya Ransomware could have the opportunity to come back.”
Although the first and second versions of Petya were cracked last year, the private key released by Janus still offers the fastest and most reliable way for victims infected by Petya to decrypt their files, especially those stuck with the uncrackable third version.
Meanwhile, Kaspersky Lab research analyst Anton Ivanov also analyzed Janus's master key and confirmed that the key unlocks all Petya ransomware versions, including GoldenEye.
Janus created the GoldenEye ransomware in 2016 and sold the variants as ransomware-as-a-service (RaaS) to other hackers, allowing anyone to launch ransomware attacks with just one click, encrypt systems and demand a ransom to unlock them.
If the victim pays, Janus gets a cut of the payment. But in December, he went silent.
However, according to the Petya author, his malware has been modified by another threat actor to create NotPetya, which targeted computers of critical infrastructure and corporations in Ukraine and 64 other countries.
The NotPetya ransomware also uses the leaked NSA exploits EternalBlue and EternalRomance to spread rapidly within a network, and the WMIC and PsExec tools to remotely execute malware on machines.
Security experts even believe that the true intent behind the recent ransomware outbreak, which is believed to be bigger than the WannaCry ransomware, was to cause disruption rather than to be just another ransomware attack.
According to the researchers, NotPetya is in reality wiper malware that wipes systems outright, destroying all records on the targeted systems, and asking for ransom was only meant to divert the world's attention from a state-sponsored attack to a malware outbreak.
Those infected with NotPetya are out of luck, but the master key can help people who were attacked by the previous variants of Petya and GoldenEye ransomware in the past.
Security researchers are using the key to build free decryptors for victims who still have encrypted hard drives.