The author of the Petya ransomware, which attacked many PCs in 2016, posted a link to an encrypted file on mega.nz via Twitter on Wednesday. Malwarebytes has since cracked the encrypted file and shared its content:
Here is our secp192k1 privkey:
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal Code” which is BASE58 encoded.
Kaspersky confirmed that the key is valid by decrypting a copy that had previously been attacked by Petya. It has also been confirmed that the following forks of Petya can be decrypted with it:
– Petya ransomware (flashing white skull on a red background during the boot-up screens)
– Mischa ransomware (flashing green skull on a black background during the boot-up screens)
– GoldenEye ransomware (flashing yellow skull on a black background during the boot-up screens)
The earlier NotPetya attack cannot be decrypted with this key because it uses a different encryption method.