Hacker News: Original Author of Petya Ransomware is Back & He Wants to Help NotPetya Victims


The author of the original Petya ransomware is back.

After a long six months of silence, the author of the now-infamous Petya ransomware appeared on Twitter today to help victims unlock files encrypted by a new version of Petya, also known as NotPetya.

“We’re back having a look in NotPetya,” tweeted Janus, a name the Petya creator previously chose for himself, taken from a James Bond villain. “Maybe it’s crackable with our privkey. Please upload the first 1MB of an infected device, that would help.”

This statement by the Petya author suggests he may have held on to a master decryption key. If that key works on files infected by the new Petya variant, victims would be able to decrypt the files locked in the recent cyber outbreak.

Janus sold Petya as Ransomware-as-a-Service (RaaS) to other hackers in March 2016, and like any regular ransomware, the original Petya was designed to lock a victim’s computer, then return access when a ransom is paid.

This means anyone could launch the Petya ransomware attack with just the click of a button, encrypt anyone’s system and demand a ransom to unlock it. If the victim pays, Janus gets a cut of the payment. But in December, he went silent.

However, on Tuesday, computer systems of critical infrastructure and corporations in Ukraine and 64 other countries were struck by a global cyber attack similar to the WannaCry outbreak that crippled tens of thousands of systems worldwide.

Initially, a new variant of Petya ransomware, NotPetya, was blamed for infecting systems worldwide, but later, the NotPetya story took an interesting turn.

Yesterday, researchers found that NotPetya is not ransomware; rather, it is wiper malware that wipes systems outright, destroying all records from the targeted systems.

NotPetya also uses the NSA’s leaked Windows hacking exploits EternalBlue and EternalRomance to spread rapidly within a network, and the WMIC and PSEXEC tools to remotely execute the malware on machines.

Experts even believe the real attack has been disguised to divert the world’s attention from a state-sponsored attack to a malware outbreak.

The source code of Petya has never been leaked, but some researchers are still trying hard to reverse engineer it to find possible solutions.

Would this Really Help Victims?

Janus is examining the new code, but even if his master key succeeds in decrypting the master file table (MFT) of victims’ hard drives, it won’t be of much help until researchers find a way to repair the MBR, which NotPetya wipes without keeping any copy.

Tuesday’s cyber outbreak is believed to be bigger than WannaCry, causing disaster for much critical infrastructure, including bricking computers at a Ukrainian power company, several banks in Ukraine, and the country’s Kyiv Boryspil International Airport.

NotPetya also canceled surgeries at two Pittsburgh-area hospitals, hit computers at the pharmaceutical company Merck and the law firm DLA Piper, and infected computers at the Dutch shipping company A.P. Moller-Maersk, which was forced to shut down some container terminals in seaports from Los Angeles to Mumbai.

Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.