By Massmatic Cyber Forensic & Information Security
The original Petya ransomware generated in 2016, can now easily be broken open using its master decryption key, its author Johns Cyber crime Solution has released the key as an encrypted file, which was torn by Malwarebytes. Please note that this chat does not work on recent Petya/Notpetya wiper malware in which the affected computers do not have the ability to decrypt.
You know that recently the Petya / Petya is a malware attack, which is a disguised wiper in the form of a ransomware, before the 2016 Petya ransomware originally. Recently, the creator of the original Petya, Janus Cyber Crime Solutions (one person or one group) came out of the shadow and declared that he is not the mastermind behind the new Petya malware attack.
Now, Janus has gone ahead and has released the master decryption key for all the ransomware of the late Petya family - including GoldenEye, which was the last Petya version released by Janus. Please note that this key does not work on recent NotPetya malware, which does not have the ability to decrypt the affected system.
Janus has shared the master key on Twitter to let the affected people decrypt their files for free.
"They're right in front of you and can open very large doors"mega.nz/#!lmow0Z7D!Iny… @hasherezade @MalwareTechBlog ;)
However, the linked file was encrypted and the password was preserved. However, a security researcher at Malwarebytes estimated the password and decrypted the package with openssl. Therefore, here is the content of the file, that is, the original Petya ransomware master key in plain text:
Congratulations!
Here is our secp192k1 privkey:
38dd46801ce61883433048d6d8c6ab8be18654a2695b4723
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal Code” which is BASE58 encoded.
Congratulations!
Here is our secp192k1 privkey:
38dd46801ce61883433048d6d8c6ab8be18654a2695b4723
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal Code” which is BASE58 encoded.
While some previous versions of the patio were broken, but this key can help affected people who have preserved the encrypted disk in the hope of getting their files back.
Only if you are thinking that why Janus is trying to shine, then this may be due to all the publicity surrounding this new patio / notepeta wiper. It may be possible that Jansus does not want to be associated with the new version and is trying to improve by releasing the key for the older versions.
Is this article useful? Do not forget to share your experiences.
Only if you are thinking that why Janus is trying to shine, then this may be due to all the publicity surrounding this new patio / notepeta wiper. It may be possible that Jansus does not want to be associated with the new version and is trying to improve by releasing the key for the older versions.
Is this article useful? Do not forget to share your experiences.
Comments
Post a Comment