Petya master key published

The author of the ransomware Petya, who attacked many PC in 2016 posted a link to an encrypted file on mega.nz via Twitter on Wednesday. Meanwhile the encrypted file was cracked by Malwarebytes, and they shared the content:

Congratulations!
Here is our secp192k1 privkey:
38dd46801ce61883433048d6d8c6ab8be18654a2695b4723
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal Code” which is BASE58 encoded.

Key confirmed

Kaspersky confirmed that the key is valid by decrypting a previously copy attacked by Petya. Meanwhile it’s confirmed that the following forks of Petya can also get decrypted:

– Petya ransomware (flashed white skull on red background during boot-up screens)
– Mischa ransomware (flashed green skull on black background during boot-up screens)
– GoldenEye ransomware (flashed yellow skull on black background during boot-up screens

Previous attack of NotPetya is unable to get decrypted using this key since it’s using a different encryption method.

Leave a Reply

Your email address will not be published. Required fields are marked *