An unidentified programmer with the Twitter handle leostone has produced a tool that can generate the password used to decrypt a Petya-encrypted computer. This is good news for Petya ransomware victims, who can now unlock infected computers without paying. Here to comment on this news is Tim Stiller, Senior Systems Engineer, Rapid7.
Tim Stiller, Senior Systems Engineer, Rapid7:
“What is unique about Petya ransomware and this new decryption tool is the ability to recover files without paying bitcoins. Many ransomware variants go to great lengths to thwart the user from decrypting the files without paying the ransom. In Petya’s case the disk was encrypted with just a single key. While the description technique for decryption can be a bit complex for some, it works.
For victims infected with Petya, this tool is very helpful at recovering their data. From the MA authors' perspective, this particular decryption tool will likely prompt them to either change how the encryption functions, or shift over to a file-by-file level encryption, thus patching the ability to recover data.
For organisations dealing with threats such as this, it is recommended that they maintain recent backups of their data and avoid opening any emails and attachments that they are unsure about. If they have any concerns, they should forward suspect emails to the security team for triage.”