Over the past year or so, we have seen multiple ransomware developers suddenly give up. Free decryption of files for the victims of one of the most popular ransomware families does not happen all that often, so it is big news when it does. Petya, also known as Mischa and GoldenEye, is officially no longer a threat. The developer published the master decryption key, which makes restoring file access a lot easier.
Janus Cybercrime Solutions Gives Up Petya Key
In a surprising turn of events, Petya and all of its variants are no longer an actual threat to computer users. The developer released the master decryption key. It is unclear why Janus Cybercrime Solutions decided to do this, as Petya and its variants have been widely successful over the past few years.
The master decryption key can be used to decrypt all three existing Petya strains. This includes the Mischa and GoldenEye ransomware, both of which use the exact same code base as Petya. These latter two are also evolutions of the original malware, with new features added on top and other small code changes. Sadly, this key will not work for the NotPetya strain, since that one was not developed by Janus Cybercrime Solutions.
The validity of this master key has been determined by Kaspersky Lab. The ransomware developers surrendered, but no one knows why. Given the wide variety of ransomware types in circulation right now, the competition is certainly heating up. Popular and prominent malware strains will always have their place in the market. Petya was on that list, until a few days ago.
— Anton Ivanov (@antonivanovm) July 6, 2017
One challenge remains: security researchers need to develop a decryption tool that makes use of this master key. Even though Petya encryption has been cracked numerous times already, a tool based on the master decryption key will decrypt files a lot quicker. Victims want to regain access to their device and its associated files sooner rather than later. It is unclear who will build this new tool or when it will be released.
The master decryption key will be less useful than many may think. With the majority of Petya attacks taking place in 2016, many victims have already moved on. It is very likely their computer files have been erased already. This does not mean one should not build a decryption tool from the master key, but it remains doubtful there will be many use cases for it anytime soon.
NotPetya victims will be rather disappointed that this decryption key will do nothing for them. Since NotPetya was created by different developers, there is no chance that this master key will work for any other ransomware. There is no viable decryption tool available for NotPetya as of right now. It seems like for every major threat that goes away, half a dozen new ones pop up.