
Decryptor for old Petya versions released

Malwarebytes researchers have developed decryptors for unlocking all legitimate older versions of Petya ransomware.

Researchers used the master key released by the author of the original version, Janus, to develop keys for Red Petya, Green Petya (both versions) and Mischa, and Goldeneye (bootlocker and files), according to a July 24 blog post.

The key allows recovery for users who were infected by low-level attacks, which encrypt the Master File Table, and by high-level attacks, which encrypt files one by one; however, the decryption process is different in each case. Researchers built a Live CD and a Windows executable tool to decrypt the individual key from the victim ID. Once the key is obtained, the original decryptors can be used to recover a user's files.

Unfortunately, the tools don't allow users to unlock pirated Petyas such as PetrWrap and EternalPetya, a.k.a. NotPetya. There were also some cases in which researchers said Petya may hang during decryption or cause other problems that could potentially damage data. Users should make additional backups to mitigate these risks.
