Security researchers have discovered a way to crack the Petya ransomware that attacked victims two weeks ago. With the new tool, victims can decrypt their PC's master boot file using a free password and start using their PCs once again.

The researcher, known only by the Twitter handle @leo_and_stone (Leo Stone), tweeted a link where users can get their disks back.

The Petya criminals attacked by sending spam emails that prompted victims to click a link and download a file made to look like the legitimate resume of a job applicant. After clicking, victims were instantly hit with the Blue Screen of Death. The computer would then reboot after the crash, and Windows would appear to be running a disk check. It was later learned that the disk check was fake, because Petya ransomware had successfully encrypted the master file table.

The next thing victims would see on their PC is a red screen with a white skull and crossbones along with the words "Press any key!" After pressing a key, victims would read a message telling them that they have just become a Petya ransomware victim and should pay a ransom in bitcoin. If the ransom demand is not paid, the price would double in a week.

Petya authors are reportedly demanding 0.99 bitcoin (around $423) from ransomware victims.

Leo Stone created an algorithm that can generate the password for decrypting the Petya-locked hard drive in just a few seconds and at no extra cost. Additionally, the researcher set up a website, along with a second site that mirrors the first, where victims can go to get back their encrypted disk without paying the ransom.

Lawrence Abrams, a computer security expert at Bleeping Computer, said that Stone's tool allowed him to generate a decryption key in a matter of seven seconds. However, the tool can be too complicated for many users to apply, particularly those who are not tech-savvy.

Luckily, another security researcher, Fabian Wosar, developed the so-called "Petya Sector Extractor," which collects the data that victims need in order to use the tool described by Leo Stone. Users simply have to connect their hard drive to a non-affected Windows PC and then run the extractor.

The Petya Sector Extractor will then generate some information, which the user should copy and paste. At this point, victims can use Leo Stone's tool to generate a decryption key.

Victims can then put the hard drive back into the infected computer and use the generated decryption key to decrypt their infected files.

Victims are advised to use the tool as soon as possible, while it still works and before the Petya authors find a way to make it useless.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.