Last week, we reported on the Petya ransomware, which was able to encrypt entire hard drives rather than individual files. Due to a bug in the ransomware, an independent developer has made a decryptor that can decrypt hard drives that have fallen victim to Petya without paying the ransom. Here are the details.
Usually it's hackers that exploit IT vulnerabilities to do their dirty work. This time around, the attackers have had the tables turned on them with a developer, who is only known by his Twitter handle @leostone, exploiting a bug in the Petya ransomware to thwart its extortion methods.
The decryptor, which does look suspicious given it's hosted on a rudimentary website and was released by an unidentifiable figure, actually works. Security vendor Kaspersky Lab had a research team verify this, but there are a few issues that users will face if they do want to use it.
For one, the website that the decryptor is hosted on is a bit up and down due to the amount of traffic that is hitting it (probably from eager victims of Petya). It also involves a somewhat complicated process of removing your affected hard drive, plugging it into another PC and extracting some special data with a Base64 decoder before the website can generate a key to decode your encrypted files.
Thankfully, another developer has created a tool to make the process a little easier. You can find @leostone's Petya ransomware decryptor over at his Petya Pay No Ransom website. You can take a closer look at the decryptor over at his GitHub page.
You can read more about the Petya ransomware decryptor over at the Kaspersky Lab blog.
[Via Kaspersky Lab Blog]