Victims of several strains of the Petya ransomware may now be able to unlock their files for free, thanks to the release of a new decryption tool for the malware family.
While the tool is capable of decrypting the standard versions of Petya, unfortunately for those infected in the Petya/NotPetya outbreak, it doesn't work for systems infected by that variant, which originated in Ukraine before spreading around the world.
Following the NotPetya outbreak, the author of the original version of the ransomware, Janus, released his master key and now cybersecurity researchers at Malwarebytes Labs have used the key to release a decryptor that can decrypt all legitimate versions of Red Petya, Green Petya, and GoldenEye and recover the lost files.
But the researchers warn that during tests they found that in some cases Petya may hang during decryption, or cause some other problems potentially damaging to data, and said: "That's why, before any decryption attempts, we recommend you to make an additional backup."
Petya was one of the first types of ransomware to gain major success by spreading itself via a 'ransomware-as-a-service' scheme, whereby the author allowed budding hackers and cybercriminals to use the malicious code for their own ends -- in exchange for a cut of the profits.
The malware was equipped with measures to prevent unauthorised use of samples, but the group behind PetrWrap have managed to crack the Petya code and are using it to carry out their own attacks. The cryptography behind PetrWrap ransomware is so strong that there's currently no decryption tool which can crack it.