Petya author releases master decryption key for all versions of the ransomware
The Petya ransomware -- and several variants -- wreaked havoc with data around the world, but now the author of the original malware has released the master decryption key.
Janus Cybercrime Solutions has provided a key that work with all "official" variants of Petya (meaning NotPetya is not included). The key was released to -- of all places -- Mega, and its authenticity has been verified. While Petya has already been cracked, the key offers the fastest and most reliable decryption method yet.
Janus said back in June that he/she/they would take a look at NotPetya to see if it was possible to decrypt it, but nothing has yet come of this. In the meantime, a tweet provided a link to the hosting site Mega, where a password-protected file was housed:
"They're right in front of you and can open very large doors" https://t.co/kuCUMZ5ZWP @hasherezade @MalwareTechBlog ;)
— JANUS (@JanusSecretary) July 5, 2017
Bleeping Computer reports that a security researcher from Malwarebytes managed to crack the file, and then made its contents available:
Here is our secp192k1 privkey:
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the "Personal Code" which is BASE58 encoded.
The key has been tested and is known to work, which is good news for anyone who happens to have a Petya-infected hard drive lying around waiting for attention.