Big Win for Cybersecurity as Petya’s Code Gets Cracked

By: Joe Hewitson

  • In a cybersecurity climate dominated by clever bits of ransomware locking up critical data across the globe, those who have held out on ransom demands can finally breathe a sigh of relief — assuming one of Petya’s three main variants was to blame.

  • According to Forbes, an independent malware analyst known only as Hasherezade has officially cracked the code — oddly enough, with a little help from the malware’s original author.

  • Hasherezade, who protects her real identity, managed to leverage the master key for Petya, released earlier in July by Petya’s author, Janus, to unlock encrypted drives. The tool uses the master key and an extracted user ID key unique to each victim to recover the actual keys used to encrypt the data.

    Decryption Tools Unlock Petya

    With decryption keys in hand, users can download the tool specific to their variant of Petya and reunite with their data. The original Petya comes in three flavors: Red Petya, Green Petya and Goldeneye. Each has its own distinct strategy for encrypting data and thus requires its own removal program.

    That said, all three generally operate by creating a new master boot record (MBR) that contains a table of contents of the disk’s layout. Malicious code within the new MBR then executes as the system reboots and encrypts the master file table (MFT). Without access to the MFT, the operating system doesn’t know where to find its own files.

    Hasherezade’s tools effectively allow users to restore these tables. It’s worth noting that offshoots of the original Petya — such as NotPetya and PetrWrap — aren’t affected by Hasherezade’s work. Because data could be destroyed in the process, Hasherezade recommends backing up your locked drive before attempting to unlock.
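The MBR-to-MFT chain described above, as an added example (not from the original article and not part of Hasherezade's tools): a read-only check over a raw backup image of a drive that follows the partition table to each NTFS volume and reports whether the first MFT record still carries its `FILE` signature. It assumes 512-byte sectors and an MBR-partitioned disk; the function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte sectors, MBR-partitioned disk

def build_sample_image(mft_magic=b"FILE"):
    """Constructed 64-sector image: MBR, one NTFS volume at LBA 8, MFT at cluster 4."""
    img = bytearray(64 * SECTOR)
    # Partition entry 0: bootable, type 0x07, first LBA 8, 56 sectors.
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 8, 56)
    img[510:512] = b"\x55\xaa"                           # MBR boot signature
    vbr = 8 * SECTOR
    img[vbr + 3:vbr + 11] = b"NTFS    "                  # NTFS OEM ID
    struct.pack_into("<HB", img, vbr + 0x0B, SECTOR, 1)  # bytes/sector, sectors/cluster
    struct.pack_into("<Q", img, vbr + 0x30, 4)           # MFT start cluster
    mft = vbr + 4 * SECTOR
    img[mft:mft + 4] = mft_magic                         # first MFT record signature
    return bytes(img)

def triage(image):
    """Map partition index -> 'mft-readable' / 'mft-unreadable' / 'not-ntfs'."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature in sector 0")
    findings = {}
    for i in range(4):                                   # four primary entries
        entry = image[446 + 16 * i:462 + 16 * i]
        ptype = entry[4]
        lba_start = struct.unpack_from("<I", entry, 8)[0]
        if ptype != 0x07 or lba_start == 0:              # 0x07 = NTFS/exFAT/HPFS
            continue
        base = lba_start * SECTOR
        vbr = image[base:base + SECTOR]
        if len(vbr) < SECTOR or vbr[3:11] != b"NTFS    ":
            findings[i] = "not-ntfs"
            continue
        bps, spc = struct.unpack_from("<HB", vbr, 0x0B)  # assumes spc <= 128
        mft_cluster = struct.unpack_from("<Q", vbr, 0x30)[0]
        off = base + mft_cluster * bps * spc
        readable = image[off:off + 4] == b"FILE"
        findings[i] = "mft-readable" if readable else "mft-unreadable"
    return findings

if __name__ == "__main__":
    print(triage(build_sample_image()))                     # intact sample
    print(triage(build_sample_image(b"\x9c\x11\xe0\x37")))  # scrambled MFT record
```

Run it against a copy of the drive image, never the original disk, so the check cannot alter the data a decryption tool will later need.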

    As great as this news is for those affected by ransomware, it’s important to understand that countermeasures are never the ideal solution. If anything, the emergence of Petya decryption tools highlights the need for comprehensive cybersecurity and resiliency services that take the sting out of malware before lasting damage is done.

    About The Author

    Joe Hewitson

    News Writer

    With a degree in Applied Computing Technology and over a decade of service in the IT and Software Development industries, Joe Hewitson has acquired a keen ability to write about emerging technologies and the impact they have on businesses in many different industries. Accompanying his love for all things tech is a passion for writing informed and engaging pieces in a unique and easy to understand voice. Living in the beautiful arms of the Rocky Mountains, Joe is an avid outdoorsman and enjoys running, biking, and fishing.