Saturday, 4 June 2016

Guide to Decrypt Petya Ransomware for Free


Ransomware has risen dramatically since last few years and is currently one of the most popular threats on the Internet.The Ransomware infections have become so sophisticated with the time that victims end up paying ransom in order to get their critical and sensitive data back. But if you are infected with Petya Ransomware, there is good news for you. You can unlock your infected computer without paying the hefty ransom. Thanks to the Petya author who left a bug in the Ransomware code.

What is Petya Ransomware?

Petya is a nasty piece of ransomware that emerged two weeks ago and worked very differently from any other ransomware. The ransomware targets the victims by rebooting their Windows computers, encrypting the hard drive's master boot file, and rendering the master boot record inoperable. A master boot record (MBR) is the information in the first sector of any hard disk that identifies how and where an OS is located while a master boot file is a file on NTFS volumes that includes the name, size, and location of all other files. Once done, the infected PC restarts and the Petya ransomware code is booted rather than the operating system, displaying a ransom note that demands 0.9 Bitcoin (approx. US$381) in exchange for the decryption key to recover the system's files.


Now, without the decryption password, the infected PC would not boot up, making all files on the startup disk inaccessible. However, a researcher who goes by the Twitter handle @leostone has developed a tool that generates the key Petya requires decrypting the master boot file.

Here's How to Unlock your Petya-infected Files for Free

The researcher discovered a weakness in the nasty malware's design after Petya infected his father-in-law's PC. According to security researcher Lawrence Abrams from the Bleeping Computer, the key generator tool developed by Leostone could unlock a Petya-encrypted PC in just 7 seconds. In order to use the Leostone's password generator tool, victims must remove the startup drive from the Petya affected computer and connect it to another Windows computer that's not infected. The victim then needs to extract data from the hard disk, specifically:

the base-64-encoded 512 bytes that start at sector 55 (0x37h) with an offset of 0.
the 64-bit-encoded 8-byte nonce from sector 54 (0x36) offset 33 (0x21).

This data then needs to be used on this Web app (mirror site) created by Leostone to generate the key. The victim will then retrieve the key Petya used to decrypt the crucial file. Here's a Simple Tool to Unlock your Files For Free. Since the Leostone's tool is not a straight-forward method, extracting the encrypted data is not easy for many victims. The good news is that Fabian Wosar, a separate researcher, has created a free tool called the Petya Sector Extractor that can be used to easily extract the data in seconds. In order to use Petya Sector Extractor, victims must run the tool on the uninfected Windows computer that is connected to the infected hard drive from the affected computer. Abrams provided this step-by-step tutorial that will walk victims through the entire process.

This is a great solution to decrypt your infected files, but most likely, the Petya authors have already heard about this tool and are modifying their code to disable the solution. So, there is no guarantee the tool will continue to work indefinitely. 

Well, unfortunately if the free tool fails to decrypt Petya Ransomware completely from your Windows computer system then in such circumstances users will have no other option but to make use of Automatic Removal Tool. It is an ultimate solution to remove all kinds of nasty viruses from Windows PC. It is very advanced, powerful and easy to use tool which will remove Petya Ransomware form your Windows computer in just few easy steps.



1 comment:

  1. YoBit allows you to claim FREE CRYPTO-COINS from over 100 unique crypto-currencies, you complete a captcha once and claim as many as coins you want from the available offers.

    After you make about 20-30 claims, you complete the captcha and proceed to claiming.

    You can click on claim as many times as 50 times per one captcha.

    The coins will safe in your account, and you can convert them to Bitcoins or USD.

    ReplyDelete