Good News for Victims, But Won’t Help With NotPetya Outbreak
Good news for some ransomware victims: The master key used to encrypt the original versions of Petya ransomware has been released. As a result, says the independent Polish information security researcher known as Hasherezade, security researchers can use it to build free decryptors for any victims who still have crypto-locked hard drives.
The bad news, however, is that the private key only works on the original versions of Petya. It cannot be used to decrypt PCs that were affected by the outbreak of Petya-like, crypto-locking malware that began June 27.
Security researchers have been variously referring to that malware as NotPetya, SortaPetya, Nyetya, ExPetr, Diskcoder.C and EternalPetya, among many other names. While it initially appeared to be Petya, upon closer inspection, security researchers say it only uses some Petya components. They have concluded that while the malware shares some similarities with Petya, many aspects of it are different.
The First Petya
The original Petya first appeared in 2016 as an innovative ransomware-as-a-service offering.
Petya introduced full-disk encryption – not just encrypting files – by encrypting the file system table, thus disabling a victim’s ability to even boot their PC. Petya was also the first strain to double the ransom demand for non-payers, in its case after seven days, according to California-based security firm McAfee.