Decryption Key for Original Petya ransomware Released by its Author
The original creator of Petya ransomware has released a decryption key allowing all users that were infected by the ransomware to recover their encrypted files without paying any ransom.
The key only unlocks files that were encrypted by the original Petya ransomware. Recently, a dubbed version of the ransomware NotPetya caused havoc across the world and particularly targeted Ukraine. The key cannot decrypt files that are encrypted by NotPetya (aka ExPetr and Eternal Petya).
Janus, author of the original malware, has made the decryption key available to all users on Wednesday. And security reseachers have confirmed that the users infected by Red Petya, Green Petya and early versions of GoldenEye ransomware can recover their files back using this key. The authenticity of the key has been verified by an independent Polish information security researcher known as Hasherezede.
Kaspersky Lab research has also confirmed the authenticity of the key and confirms that it unlocks all versions of the Petya ransomware.
GoldenEye ransomware was created in 2016 by Janus and was sold as a Ransomware-as-a-Service (RaaS) to other hackers, allowing them to encrypt files and demand a ransom for retrieving the files.
The source code of the original Petya ransomware was modified by another hacker to create NotPetya that targeted Ukraine and other countries in Europe.