Researchers Claim to Unlock Ransomware Encryption
One of the nastiest ransomware variants may have been defeated. Two security researchers have reportedly figured out a way to recover access to an encrypted computer without paying an extortion fee.
Most forms of ransomware involve infecting a victim's computer and then individually encrypting files. That leaves the victim able to run Windows, but unable to access any of their data.
The Petya variant is more dangerous as it encrypts the hard drive's master file table. That's a database which has the details of every file on a computer, including those for Windows itself. If the master file table is locked up in this way, the user can't even load up Windows or run any applications until they apply an unlock key, purchased from the criminals involved.
Genetics Inspires Solution
Now a Twitter user with the account name leostone claims to have created an algorithm that can decrypt a computer infected by Petya, simply by providing some information that is still accessible from the locked drive.
The algorithm is said to work by mimicking genetics and evolutionary biology. It repeatedly takes a possible solution, modifies it slightly and sees if that gets closer to the answer, and then either keeps or discards the modification as appropriate before making another slight change. Some people who have tested the algorithm say it found the unlock key in a matter of seconds.
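The mutate, test, keep-or-discard loop described above, as an added example (not leostone's code and not part of the original article). The two toy ciphers, the key and the known block are constructed for illustration and are not Petya's; the second cipher shows the same search stalling when a near-miss key gives no partial-match feedback.

```python
import hashlib
import random

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
KNOWN = bytes(range(64))   # constructed known-plaintext check block
SECRET = "k3y4demo"        # constructed key, for the demo only

def weak_encrypt(key, data):
    # Toy cipher: each key character only touches every len(key)-th byte,
    # so a partly correct key yields a partly correct output.
    k = key.encode()
    return bytes(b ^ k[i % len(k)] for i, b in enumerate(data))

def strong_encrypt(key, data):
    # Keystream hashed from the whole key: one wrong character changes every byte.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key.encode() + bytes([i])).digest() for i in blocks)
    return bytes(b ^ s for b, s in zip(data, stream))

def fitness(encrypt, key, target):
    # Number of output bytes that already match the observed ciphertext.
    return sum(a == b for a, b in zip(encrypt(key, KNOWN), target))

def evolve(encrypt, target, key_len, budget, seed=1):
    """Mutate one character at a time; keep the change unless it scores worse."""
    rng = random.Random(seed)
    best = [rng.choice(ALPHABET) for _ in range(key_len)]
    best_score = fitness(encrypt, "".join(best), target)
    for step in range(1, budget + 1):
        cand = best[:]
        cand[rng.randrange(key_len)] = rng.choice(ALPHABET)
        score = fitness(encrypt, "".join(cand), target)
        if score >= best_score:            # keep improvements and neutral moves
            best, best_score = cand, score
        if best_score == len(target):      # every byte matches: key recovered
            return "".join(best), step
    return None, budget                    # no convergence within the budget

if __name__ == "__main__":
    for name, enc in (("weak", weak_encrypt), ("strong", strong_encrypt)):
        key, steps = evolve(enc, enc(SECRET, KNOWN), len(SECRET), 20000)
        print(f"{name}: key={key!r} after {steps} steps")
```
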
Infected Drive Must Be Removed
It's not the simplest of solutions to use and may require expert assistance. It involves first removing the hard drive and either placing it in another (working) computer, or connecting it via a USB hard drive enclosure. The next step is to find a specific section of code from the encrypted drive using a third-party utility (created by Fabian Wosar), then paste that data onto a website created by leostone that will in turn create the unlock key. (Source: computerworld.com)
If you are unfortunate enough to be infected by Petya, it may instead be worth seeking expert help to apply this solution. The good news is that such a solution is at least now said to be viable.
What's Your Opinion?
Do you trust this reported solution? Will such solutions deter the people who create ransomware? Or is it just a step in a game of whack-a-mole?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance, I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
Comments
Most likely not a global solution
All encryption algorithms are only as effective as their weakest link. In this case, the cybercriminals have their own method for encryption (the algorithm) which makes up Petya v1.0, but that algorithm has now been decrypted, which means it's no longer viable. The malware creators only need to modify their existing algorithm to make up Petya v2.0, and the decryption program by Leostone won't work. As such this would be another case of whack-a-mole. Hats off to Leostone for cracking the encryption, nonetheless.
Maybe, Maybe not..
Dennis, I wouldn't be so sure. If, in fact, it's taken from a genetics model, it may be that it would work on any variant. And since it's only using a snippet of code, it may be that any protections against trial and error decryption methods such as your typical brute force would simply not be present..
imho...
True, but ...
If I was the malware author, I'd test the Petya v2.0 against what is currently being offered as a free decryption solution, then make the v2.0 encryption so obscure it would be impossible to crack. There are other encryption algorithms available that are also 'uncrackable' unless you used a supercomputer and brute force it, as you suggest. Don't forget if this was a global solution it would work on any encryption - which I really don't think is the case, or everything on the planet would easily be decrypted.