Good news for victims infected by Petya Ransomware. Two security researchers have created an online service and a desktop tool that can help them generate the password needed to unlock their computer.
Petya Ransomware appeared around 25 March and works very differently from any other ransomware. Instead of encrypting files while leaving the computer in a working state, the ransomware crashes the entire system. After the restart, it encrypts the entire hard disk.
The computer will get stuck at this point unless you have the password that is required before the operating system boots. Of course, in order to get the code, the victim would have to pay the ransom demanded by the scammers who developed Petya Ransomware.
The two researchers observed that the ransomware does not communicate with a server and understood that the encryption process settings and decryption keys are stored locally. Then they just found them.
A researcher who did not want to reveal his name (he uses the nickname Leo Stone on Twitter) discovered the algorithms to break the ransomware. In fact, he created two websites where victims of the malicious software can obtain their own decryption code.
The problem is that, to unlock a system from Petya, you need certain information that is locked on the hard disk of the infected computer. This is where Fabian Wosar of Emsisoft comes in: he created a tool for exporting this information.
Download the tool from the link below:
The first thing you need to do is take the infected hard drive and plug it into another computer. You will need a Windows computer that is able to run Mr. Wosar's tool. Petya Ransomware Extractor scans hard disks for Petya infections and automates the process of extracting the information required to break the ransomware.
Once Petya Ransomware Extractor detects the hard drive that is infected with Petya, press the first button that says "Copy Nonce." Copy it to the clipboard, then go to either of Leo Stone's web pages and press CTRL + V to paste the text into the box that says "Base64 encoded 8 bytes nonce."
Once you have the appropriate data, fill in the boxes, press the "Submit" button, and wait for the algorithm to do its job.
When you have the decryption code, put the hard drive that is infected by Petya back in its original location and start the computer. Once you see the screen that demands the ransom, simply enter the code in the appropriate box and press Enter.
Your disk will be unlocked, and the data will be decrypted.
The pages for decryption:
https://petya-pay-no-ransom.herokuapp.com/
https://petya-pay-no-ransom-mirror1.herokuapp.com/