If you haven’t already deleted the files that were encrypted by the original Petya ransomware (which originated in 2016), you are in luck. Victims can now use the master key to decrypt and unlock the encrypted files.
Researchers said that the creator of the original Petya ransomware, who uses the alias Janus, made the key available on Wednesday.
Janus came out of the shadows, said that he is not the author behind the new Petya malware attack, and released the master decryption key for all ransomware of the older (original) Petya family, including GoldenEye, which was the last ransomware version released by Janus.
Janus (the original ransomware author) shared the master key on Twitter to help victims decrypt and restore their files for free. However, the file that contains the master key was encrypted and protected with a password. A security researcher from Malwarebytes was able to guess the password and decrypt the file using openssl.
The content of the file from Malwarebytes:
“Congratulations!
Here is our secp192k1 privkey:
38dd46801ce61883433048d6d8c6ab8be18654a2695b4723
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal Code” which is BASE58 encoded.”
“This key cannot help in case of EternalPetya, since, in this particular case, the Salsa keys are not encrypted with Janus’ public key, but, instead of this, erased and lost forever. It can only help the people who were attacked by Petya/Goldeneye in the past.”
The master key will help victims who were affected in the past by earlier versions of Petya ransomware and by GoldenEye ransomware.