Password Generator Tool Breaks Petya Ransomware Encryption

[RV_]

This is great news. However it still requires removal of the hard drive and a drive dock or second computer. There are several hot links in the actual article to detailed instructions to avoid paying the ~$400 in bitcoin to unlock the computer.

 

Excerpt:

 

"Researchers have been looking into Petya, a strain of ransomware that targets infected machine’s master boot records, since it emerged late last month. Until now, the only option for users who had their MBR encrypted was to fork over roughly $400 in Bitcoin for the decryption key.

 

Users can generate a decryption key, providing they can supply the tool with information from their infected drive.

 

While this can be a fickle task for the average user, Fabian Wosar, a security researcher at Emisoft, created an executable over the weekend designed to extract data from infected Petya drives and expedite the process.

 

Lawrence Abrams, a computer forensics expert who blogs at BleepingComputer.com and has been following the ransomware’s saga, put together a guide on how to use the tool Sunday.

 

Abrams claims the tool scans the affected drive for the Petya bootcode, automatically selects it, and gives users the option to copy both the sector, and nonce associated with it.

 

With that information – a Base64-encoded 512 bytes verification data and a Base64-encoded 8 bytes nonce – victims can navigate to @leostone’s site, copy and paste, and generate a password.

 

Users still have to physically remove the drive from the infected machine and attach it to either a Windows machine or a USB drive docking station, but instead of having to hunt around for the correct code, Wosar’s tool does the job for users.

 

Abrams told Threatpost on Monday that while he hasn’t heard of any success stories outside the security community, he was able to decrypt a Petya-infected test machine of his own using the steps in just seven seconds. While both the algorithm and the tool are encouraging, Abrams admits that it may only be a matter of time before the criminals behind Petya catch on to the tool and bulk up the encryption behind the ransomware.

 

“I feel this ransomware is too “innovative” to fall by the way side,” Abrams said via email, “My guess is that they will fix the vulnerability and push out a newer version with stronger encryption.”

 

The whole article is here: https://kasperskycontenthub.com/threatpost/password-generator-tool-breaks-petya-ransomware-encryption/117315/

[Pieere]

Danged the bad luck! One has to be a computer Guru just to browse the internet! Thanks for the information as always, but I think doing the backups to another hard drive is best! Then take a sledgehammer to the infected computer! LOL! If you have all your files would it be easier to just install another Hard drive and reload the files!

[RV_]

It would be much easier to just have a daily or weekly full system image, and then get a new drive and restore the image to it. But neither would work for tablets.

 

In actuality, the best thing is to go and get the free antiransomeware download from Malwarebytes as we discussed here: http://www.rvnetwork.com/index.php?showtopic=122643&p=836387

 

Joel introduced us to this program which is free and is on all my systems now with no issues having it running in the background.

[Pieere]

Did the anti Ransomware when Joel suggested it! Thanks!