Petya developers release master decryption key

Criminals give away decryption key for all three Petya virus versions

NotPetya virus effects on businesses

Christmas came early for Petya ransomware victims: the official developers of the virus, who call themselves Janus Cybercrime Solutions, have released a master decryption key capable of decrypting all Petya virus variants [1].

The password-protected document carrying Petya’s master key was discovered on the file-sharing website mega.nz. Following some advanced research, security experts at Malwarebytes managed to get inside the file, where they found the following message:

Congratulations!
Here is our secp192k1 privkey:
38dd46801ce61883433048d6d8c6ab8be18654a2695b4723
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal Code” which is BASE58 encoded.

After this vital information was released, other cybersecurity researchers joined the investigation. The key was tested for authenticity, and it passed the test. Currently, security software vendors are working on a decryptor which will make the recovery of files encrypted by GoldenEye and other ransomware versions more convenient.

Not everyone is hyped up about Petya decryption

Experts point out that the decryptor will not work for all Petya victims. This includes users who have saved copies of the encrypted data. The late release of the decryptor will also only rub salt into the wounds of users who have already paid the extortionists or deleted the encrypted data from their computers along with the virus.

Nevertheless, the biggest wave of disappointment currently ripples through NotPetya virus victims, who must have had their hopes up when they first heard about the release of the master key. NotPetya is still undecryptable, as it is not the work of the Janus Cybercrime Solutions group [2].

The virus was created based on the original virus code, but it works independently of the main ransomware campaign. So, the victims of this new and very malicious ransomware strain will have to wait their turn to decrypt their personal data.

Major companies issue reports about the financial damage inflicted by ransomware attacks

NotPetya attacks were exceptional in the sense that they were primarily focused on world organizations, major businesses, and companies. You may have heard about the attacks on vehicle producer Honda, British marketing company WPP, Danish [3] logistics companies, etc. The extent of the damage was thought to be massive, and only recently, after more in-depth estimations, did the affected parties start naming specific numbers.

As an example, in its post-attack statement, Reckitt Benckiser Group admitted that the company will most likely be dealing with losses reaching up to $117 million by the end of this year. Other companies that suffered ransomware attacks are expected to experience similar and even more radical outcomes [4].

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.
