Researchers Claim to Unlock Ransomware Encryption

By John Lister

One of the nastiest ransomware variants may have been defeated. Two security researchers have reportedly figured out a way to recover access to an encrypted computer without paying an extortion fee.

Most forms of ransomware infect a victim's computer and then encrypt files one by one. That leaves the victim able to boot and run Windows, but unable to open any of their data.

The Petya variant is more dangerous because it encrypts the hard drive's master file table. That is the database holding the details of every file on the computer, including the files that make up Windows itself. With the master file table locked up, the user cannot even load Windows or run any application until they apply an unlock key purchased from the criminals involved.

Genetics Inspires Solution

Now a Twitter user with the account name leostone claims to have created an algorithm that can recover the unlock key for a computer infected by Petya, using only information that is still readable from the locked drive.

The algorithm is said to be a genetic algorithm, modelled on evolutionary biology. It repeatedly takes a candidate key, changes it slightly, scores whether the change brings the result closer to a correct answer, keeps or discards the change accordingly, and then makes another small change. Some people who have tested the algorithm say it found the unlock key in a matter of seconds.
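The search loop described above, as an added illustration that is not leostone's code and does not use Petya's cipher: two constructed toy ciphers, a 16-byte known plaintext and a secret key are all assumptions made for the example. It shows why an evolutionary search can recover a key in seconds against one cipher and get nowhere against another: the loop only converges when a partially correct key earns a partially better score. The "weak" cipher lets each key byte affect one output byte, so the score rises byte by byte; the "strong" cipher mixes the whole key into every output byte, so the score is noise until the exact key appears.

```python
"""Evolutionary (genetic-style) key search: mutate, score, keep or discard."""
import hashlib
import random

# Constructed sample input: a block whose plaintext is known to the attacker,
# standing in for any verification data a recovery tool can check against.
KNOWN_PLAINTEXT = b"NTFS-VERIFY-0123"
KEY_LEN = len(KNOWN_PLAINTEXT)


def weak_encrypt(key: bytes, pt: bytes) -> bytes:
    # Toy cipher (assumption, not Petya's): key byte i touches only output
    # byte i, so a candidate key with 5 correct bytes decrypts 5 bytes right.
    return bytes(((p ^ k) + i) & 0xFF for i, (p, k) in enumerate(zip(pt, key)))


def weak_decrypt(key: bytes, ct: bytes) -> bytes:
    return bytes(((c - i) & 0xFF) ^ k for i, (c, k) in enumerate(zip(ct, key)))


def strong_decrypt(key: bytes, ct: bytes) -> bytes:
    # Toy cipher with no gradient: the keystream is a hash of the whole key,
    # so changing one key byte scrambles every keystream byte.
    keystream = hashlib.sha256(key).digest()
    return bytes(c ^ k for c, k in zip(ct, keystream))


strong_encrypt = strong_decrypt  # XOR with a keystream is its own inverse


def score(decrypt, candidate: bytes, ct: bytes) -> int:
    # Fitness: how many decrypted bytes match the known plaintext.
    return sum(a == b for a, b in zip(decrypt(candidate, ct), KNOWN_PLAINTEXT))


def evolve_key(decrypt, ct: bytes, population: int = 32,
               generations: int = 5000, seed: int = 1):
    """Return (best_key, generations_used). Stops early on a perfect score."""
    rng = random.Random(seed)
    fit = lambda k: score(decrypt, k, ct)
    pop = sorted((bytes(rng.randrange(256) for _ in range(KEY_LEN))
                  for _ in range(population)), key=fit, reverse=True)
    for gen in range(generations):
        if fit(pop[0]) == KEY_LEN:
            return pop[0], gen
        children = []
        for parent in pop:
            child = bytearray(parent)
            child[rng.randrange(KEY_LEN)] = rng.randrange(256)  # one small mutation
            children.append(bytes(child))
        # Selection: keep the fittest candidates, parents and children alike.
        pop = sorted(pop + children, key=fit, reverse=True)[:population]
    return pop[0], generations


def demo():
    secret = bytes(range(100, 100 + KEY_LEN))  # constructed secret key
    weak_ct = weak_encrypt(secret, KNOWN_PLAINTEXT)
    weak_key, weak_gens = evolve_key(weak_decrypt, weak_ct)
    strong_ct = strong_encrypt(secret, KNOWN_PLAINTEXT)
    strong_key, strong_gens = evolve_key(strong_decrypt, strong_ct, generations=300)
    return {
        "weak_recovered": weak_key == secret,
        "weak_generations": weak_gens,
        "strong_recovered": strong_key == secret,
        "strong_best_score": score(strong_decrypt, strong_key, strong_ct),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Against the weak cipher the search recovers the full key in a few hundred generations; against the strong cipher it runs out its budget with a best score of a byte or two of chance matches. That is the check to apply before trusting any "genetic" decryptor: it is evidence of a weakness in how the specific malware handles keys, not a general method for breaking encryption.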

Infected Drive Must Be Removed

It is not the simplest of solutions to use and may require expert assistance. It involves first removing the hard drive and either placing it in another (working) computer or connecting it through a USB hard drive enclosure. The next step is to extract a specific block of data from the encrypted drive using a third-party utility (created by Fabian Wosar), then paste that data into a website created by leostone, which in turn generates the unlock key. (Source: computerworld.com)

If you are unfortunate enough to be infected by Petya, it may be worth seeking expert help to apply this solution rather than attempting it alone. The good news is that a solution is at least now said to be viable.

What's Your Opinion?

Do you trust this reported solution? Will such solutions deter the people who create ransomware? Or is it just a step in a game of whack-a-mole?


Comments

Dennis Faas

All encryption algorithms are only as effective as their weakest link. In this case, the cybercriminals have their own method for encryption (the algorithm), which makes up Petya v1.0, but that algorithm has now been decrypted, which means it's no longer viable. The malware creators only need to modify their existing algorithm to make up Petya v2.0, and the decryption program by Leostone won't work. As such, this would be another case of whack-a-mole. Hats off to Leostone for cracking the encryption, nonetheless.

Doccus

Dennis, I wouldn't be so sure. If, in fact, it's taken from a genetics model, it may be that it would work on any variant. And since it's only using a snippet of code, it may be that any protections against trial-and-error decryption methods, such as your typical brute force, would simply not be present.
imho...

Dennis Faas

If I were the malware author, I'd test Petya v2.0 against what is currently being offered as a free decryption solution, then make the v2.0 encryption so obscure it would be impossible to crack. There are other encryption algorithms available that are also 'uncrackable' unless you used a supercomputer and brute-forced it, as you suggest. Don't forget, if this was a global solution it would work on any encryption, which I really don't think is the case, or everything on the planet would easily be decrypted.