Victims were advised to save the Petya Sector Extractor (download zipped file) to the desktop of a working computer, extract and run the program so it can detect and scan the infected removable drive.
There’s no need to freak out if you don’t know how to do that, as Emsisoft’s Fabian Wosar has come to your rescue by creating a tool that extracts the required data for you. “This data then needs to be converted to Base64 encoding” and inputted on leostone’s site to generate the key.
Leostone set up an online site, as well as a mirror of that site, where a victim can “get your encrypted disk back without paying ransom.” First off, the drive needs to be connected to a working computer – don’t be afraid to open the panel and pull out the drive since a computer doesn’t bleed; the squeamish could use a USB docking station to connect the hard drive to a working computer.
“The data that needs to be extracted is 512-bytes starting at sector 55 (0x37h) with an offset of 0 and the 8 byte nonce from sector 54 (0x36) offset: 33 (0x21),” wrote BleepingComputer. However, the technically-challenged may have no clue how to extract the specific data needed to use the Petya unlock tool.
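The extraction BleepingComputer describes can be written out in a few lines of Python. This is an added example, not code from the article, from leostone, or from the Petya Sector Extractor; the 512-byte sector size, the function names and the sample image are assumptions made for illustration.

```python
import base64
import io

SECTOR_SIZE = 512    # assumed bytes per sector
DATA_SECTOR = 55     # 0x37: 512 bytes starting at offset 0
NONCE_SECTOR = 54    # 0x36: holds the 8-byte nonce
NONCE_OFFSET = 33    # 0x21: offset of the nonce inside sector 54
NONCE_LEN = 8


def read_exact(disk, position, length):
    """Read exactly `length` bytes at `position`; fail if the image is too short."""
    disk.seek(position)
    chunk = disk.read(length)
    if len(chunk) != length:
        raise ValueError(f"short read at byte {position}: {len(chunk)} of {length}")
    return chunk


def extract_petya_fields(disk):
    """Return (data_b64, nonce_b64) from a binary file object for the drive image."""
    data = read_exact(disk, DATA_SECTOR * SECTOR_SIZE, SECTOR_SIZE)
    nonce = read_exact(disk, NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET, NONCE_LEN)
    # The quoted instructions call for Base64 before the values are submitted.
    return (base64.b64encode(data).decode("ascii"),
            base64.b64encode(nonce).decode("ascii"))


def build_sample_image():
    """Constructed 56-sector image with recognisable filler, not real Petya data."""
    image = bytearray(56 * SECTOR_SIZE)
    start = DATA_SECTOR * SECTOR_SIZE
    image[start:start + SECTOR_SIZE] = bytes(range(256)) * 2
    start = NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET
    image[start:start + NONCE_LEN] = b"NONCE123"
    return bytes(image)


if __name__ == "__main__":
    data_b64, nonce_b64 = extract_petya_fields(io.BytesIO(build_sample_image()))
    print("sector 55 data (Base64):", data_b64)
    print("nonce (Base64):", nonce_b64)
```

For a real drive, pass a file object opened read-only in binary mode on an image of the disk instead of the constructed sample.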
If you aren’t someone who pays attention to new variants of ransomware, then Petya has been described by BleepingComputer, F-Secure, G Data, Kaspersky Lab, Trend Micro and more. In a nutshell, it is a nasty one since it doesn’t just selectively encrypt documents, pictures or other specific files; oh no, it locks up a victim’s entire hard drive by overwriting the master boot record.
Victims who opened spam email and clicked a link to download a file, which they may have believed was a job applicant’s resume, instead were hit with the Blue Screen of Death in a matter of seconds. When the computer rebooted after the crash, it appeared as if Windows was running check disk; in reality it was a fake CHKDSK as Petya ransomware encrypted the master file table. Victims then saw a red screen filled with a white ASCII skull and crossbones. After pressing any key, they were presented with the nasty news of being a Petya ransomware victim and instructed how to pay the specified bitcoin ransom.
After using the Tor browser to visit the onion site listed in the ransom demand, victims would see something similar to the screenshot below. If not paid, the ransom would double in a week.
Hopefully that will never happen to you, but if it does then you should thank two security researchers for coming up with free solutions to save the day and your hard drive.
BleepingComputer explained that created an algorithm that, within a few seconds, can generate the password needed to decrypt a hard drive locked up by Petya.
But hey, that’s no longer true as the encryption has been defeated and a password generator has been developed so victims can decrypt their hard drives for free.
Victims of Petya ransomware have experienced a lock screen warning that their hard drive was encrypted with a military grade encryption algorithm and the only way to unlock it was to cough up the bitcoins to purchase a decryption key.