A patch that disarms the Petya ransomware has been posted online by an anonymous programmer and includes a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up. It’s thought that the developer, who goes by the Twitter handle @leo_and_stone, produced the key generator to help his father-in-law unlock his computer, which had been hit by the malware.
Tim Stiller, Senior Systems Engineer at Rapid7, told us: “What is unique about Petya ransomware and this new decryption tool is the ability to recover files without paying bitcoins. Many ransomware variants go to great lengths to thwart the user from decrypting the files without paying the ransom. In Petya’s case the disk was encrypted with just a single key. While the decryption technique can be a bit complex for some, it works.
For victims infected with Petya, this tool is very helpful at recovering their data. From the MA authors perspective, this particular decryption tool will likely prompt them to either change how the encryption functions, or shift over to a file-by-file level encryption, thus patching the ability to recover data.
For organisations dealing with threats such as this, it is recommended that they maintain recent backups of their data and avoid opening any emails and attachments that they are unsure about. If they have any concerns, they should forward suspect emails to the security team for triage.”
Original Source: TechWeekEurope