Creator of Petya Ransomware Wants to Help Decrypting The New Virus - How to, Technology and PC Security Forum | SensorsTechForum.com


Ever since the outbreak of the new Petya, also known as EternalPetya, occurred, its payment e-mail was shut down, and it was determined that the virus cannot reverse the encryption even if you pay, many researchers have put their effort into attempting to restore files encrypted by the new virus. What is new, however, is that the creator of the original Petya has resurfaced after being silent for several months, since he released the older Petya, Mischa and GoldenEye variants on the deep web. And he resurfaced with the goal of helping victims crack the virus.

The Petya Creator Offering Help on Twitter

Going by the nickname Janus, the hacker tweeted:

“Maybe it’s crackable with our privkey. Please upload the first 1MB of an infected device, that would help.”

The hacker Janus put the Petya ransomware up for sale back in spring 2016, just like many ransomware creators have done, via a RaaS (Ransomware-as-a-Service) scheme. However, now that the victims cannot decrypt their files from the modified variant, also known as NotPetya, the hacker appears to be sincere in offering assistance by using his own master decryption key. This may jeopardize his malicious activity, but for a good cause: to help crippled organizations recover their data. It looks like Janus did not intend for the virus to make as great an impact as it has.

The Outbreak Continues

Ever since the outbreak became serious on the 27th of June, many corporate systems, as well as computers that are critical to Ukraine’s infrastructure, have been affected and crippled via the EternalBlue exploit, used by the variant later known as EternalPetya and by WannaCry. This activity is very similar to the WannaCry ransomware outbreak, which was stopped via a killswitch.

The bad news here is that cybersecurity researchers, like @hasherezade and friends, have revealed on Twitter more information about the virus and how it was coded. Later, it became clear that the damage done by the ransomware cannot be reversed, because it cripples data in a way that cannot be decrypted. Many are calling the ransomware a cyber-weapon, due to its modification to target organizations massively via their system updates. This is interesting because while WannaCry’s lesson was “always update Windows”, the lesson the new Petya (EternalPetya variant) gives is “I am infecting you via the updates”.

The virus hit primarily Windows 7 and Windows XP based operating systems, but around 8% of the computers hit had newer versions of Windows as well, sparking criticism and debate in the cyber-security sphere that Windows is not a good choice for organizations anymore.

The WannaCry outbreak was surely a big one, but it was stopped quite fast. It is curious to see the proportions which the EternalPetya variant will reach, as many already call it bigger than Wcry. What is not good in this particular situation is that the EternalPetya outbreak has also hit hospitals, which means that many people’s lives could be at stake because of ransomware, which really points out the importance of the matter. Researchers are still attempting to fight their way through reverse engineering Petya’s code to try and decrypt data, but even if the master key provided by the hacker Janus succeeds in decrypting the MFT (Master File Table), the Master Boot Record (MBR), which has been replaced with an empty block of data, remains a riddle many have yet to deal with in order to restore their drives. This is the main reason why many remain skeptical about directly decrypting their drives.
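As an added illustration of the point above (example code written for this page, not from the article or from any of the researchers it mentions), here is a small Python triage routine that reads the first sector of a disk image and reports whether it still carries a standard MBR with a partition table or has been reduced to an empty block of zeros. The sample sectors are constructed inline; they are not captured from an infected machine, and the check makes no claim about any specific malware's boot code.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"          # classic MBR boot signature at offset 510
PART_TABLE_OFF = 446            # four 16-byte partition entries start here
# Entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes),
# LBA start (uint32), sector count (uint32).
PART_FMT = "<B3xB3xII"

def parse_mbr(first_sector: bytes) -> dict:
    """Triage the first 512 bytes of a disk image: boot signature present?
    sector entirely zero ("empty block")? which partition entries are set?"""
    if len(first_sector) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sector = first_sector[:SECTOR]
    info = {
        "boot_signature": sector[510:512] == BOOT_SIG,
        "all_zero": sector.count(0) == SECTOR,
        "partitions": [],
    }
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0 and lba_start != 0:
            info["partitions"].append({"index": i, "bootable": status == 0x80,
                                       "type": ptype, "lba_start": lba_start,
                                       "sectors": count})
    return info

def classify(first_sector: bytes) -> str:
    """Reduce the triage result to one verdict an analyst can act on."""
    info = parse_mbr(first_sector)
    if info["all_zero"]:
        return "empty"          # first sector wiped: no MBR, no partition table
    if not info["boot_signature"]:
        return "unsigned"       # something else now occupies sector 0
    if not info["partitions"]:
        return "no-partitions"  # signed, but the table points nowhere
    return "ok"

def build_sample_mbr(zeroed: bool) -> bytes:
    """Constructed sample: a minimal healthy MBR with one bootable NTFS
    partition (type 0x07) at LBA 2048, or an all-zero sector."""
    if zeroed:
        return bytes(SECTOR)
    sector = bytearray(SECTOR)
    sector[0:3] = b"\xEB\x63\x90"   # placeholder jump where boot code would sit
    struct.pack_into(PART_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)
```

On a real image, pass `open(path, "rb").read(512)` to `classify`; a verdict of "empty" matches the condition the paragraph describes, while the partition's `lba_start` tells you where to look for the NTFS boot sector that locates the MFT.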

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.

