On Wednesday, the author of Petya released the master key that will allow victims to retrieve their encrypted files.
To clarify the matter, Petya is not ‘NotPetya’, the ransomware that recently caused havoc in Ukraine and other parts of Europe. NotPetya, also known as ExPetr and Eternal Petya, targeted hundreds of companies and organizations, even forcing some to stop their operations.
Petya is a crypto-malware that targets the Master Boot Record instead of stored files or network shares that the computer has access to. This ransomware has three variants that affected many systems across the globe: the Red Petya, Green Petya, and the GoldenEye Petya.
In March 2016, the author of Petya, who goes by the pseudonym ‘Janus,’ sold the ransomware as a Ransomware-as-a-Service (RaaS) to other hackers. It was said that Janus gets a cut on every ransom received by the hackers.
Janus published the master key to the Petya ransomware through Twitter and said that it can decrypt all files that have been locked by earlier versions of Petya. Anyone can download the decryption key by following the link Janus attached to his tweet.
— JANUS (@JanusSecretary) July 5, 2017
However, a victim must have a Petya decryptor tool to be able to use the key.
Hasherezade, a Malwarebytes researcher, confirmed the authenticity of the master key. On Thursday she posted her findings. The researcher said:
“Similarly to the authors of TeslaCrypt, (Janus) released his private key, allowing all the victims of the previous Petya attacks, to get their files back.”
Kaspersky Lab analyst Anton Ivanov also confirmed through his Twitter account that the key released by Janus could unlock Petya ransomware.
— Anton Ivanov (@antonivanovm) July 6, 2017
According to Janus, Petya has been modified by another threat actor to create NotPetya. However, a team of respected researchers called the grugq believe that NotPetya is not malware, somewhat contrary to what we recently reported. According to the team, NotPetya was not designed to make money. Rather, it was designed to spread fast and cause damage. Grugq tagged NotPetya as a “wiper malware.”
Currently, researchers are still unable to find a solution to the NotPetya malware. However, they are using the Petya master key published by Janus to build free decryptors for victims who still have crypto-locked hard drives.