Infected with Petya ransomware?

An anonymous security researcher has published code that can unlock the encryption used by the Petya ransomware that surfaced last month.


The ransomware – first spotted hitting German computer users – reboots the infected Windows PC, pretends to run a CHKDSK program while encrypting the hard drive’s file system tables, overwrites the master boot record, and reboots. After the machine restarts, the malware’s code is booted rather than the operating system, and it demands 0.9 Bitcoin ($381) in exchange for a key code to recover the system’s files.

But, according to a researcher going by the Twitter handle leo_and_stone, the malware writers made a mistake. He explained that an infection of his father-in-law’s PC prompted him to examine the code, where he found weaknesses in the software nasty’s design.

“Well, I always like a challenge … the hard task of analyzing and reimplementing the modified salsa algorithm is done,” he said. “So, here it is for everyone to play and experiment with. Btw, paying ransom isn’t that much of a challenge.”
