Petya Ransomware Maker Releases Master Key For File Decryption

Petya master key format

The maker of the original Petya ransomware (not to be confused with the latest NotPetya malware) published the encryption master key on Twitter, which should now allow everyone who has been affected by Petya to decrypt their files for free.

Good Guy Malware Maker?

The person or group going by the almost professional-looking name of “Janus Cybercrime Solutions” made the Petya master key available on Twitter without further comments on why they are releasing it.

Over the past few days, NotPetya, a piece of malware that may have been based off a version of Petya, has started infecting thousands of companies in Ukraine. It’s plausible that the Janus group wanted to make it clear that the latest attack, which has brought much unwanted media attention, isn’t organized by them.

One way to do that is to “fix” the damage they’ve previously done themselves with their own Petya ransomware by releasing the key that can decrypt all the files that have been locked by Petya. The key can decrypt all the files that have been encrypted by all three versions of Petya (the ones showing the red, yellow, and green skull flash screens). However, to actually use the key, a Petya decryptor tool will have to incorporate it. Such tools should show up shortly online.

Apparently, Janus didn’t want to make it too easy for security researchers, so they put a password on the file they linked on Twitter for download. However, the password seems to have been easily bruteforced using a dictionary attack.

Janus previously leaked the master key for Chimera, a rival ransomware.

Key Unusable Against NotPetya

As NotPetya seems to have been created and deployed by a different group, it makes sense that the key Janus released wouldn’t work on NotPetya, which also used a different encryption scheme than the one used in the original Petya.

Janus previously claimed that Petya was “pirated,” but only after it tried to give other cybercrime groups the ability to make their own Petya variant through a subscription service. If Petya was indeed pirated, then other malware makers should be able to create Petya spin-offs even if Janus has completely shut down all operations to avoid being a target of various law enforcement groups.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • derekullo
    This reminds me of a certain Rick and Morty episode, Rick Potion No. 9.

    https://youtu.be/kX3x4cRDNrE?t=28s

    "Are you kidding me?

    You're gonna try to take the high road on this one?"
    Reply
  • derekullo
    Also Janus reminds me of the Janus Syndicate from Goldeneye.

    http://jamesbond.wikia.com/wiki/Janus_Syndicate

    I'm almost certain that is what they were going for with the name.
    Reply
  • Nintendork
    They should be executed so clowns think twice before doing <mod edit>. Go bury yourself with money that worth nothing in the afterlife :D
    Reply
  • EasyListening
    Ah Janus, the two-faced god.
    Reply
  • fireaza
    I'll never understand how ransomware people think. There's exploitive businesses out there, but their business is literally "give us money or you'll never get your data back". At least a shady auto-repair garage gives you something for the unnessessary repairs they do, these guys offer no services whatsoever. Why do they care so much about the "reputation" of their "brand" that they feel guilty if someone else does the same thing as you with a similarly named software?
    Reply
  • Stewart_15
    Randsomware creators are some of the worst scum of the earth. There will be a special place in hell for them. They will be given the option to free themselves from hell when they forced to figure out the decryption word to a 1GB encryption key.
    Reply
  • Stewart_15
    Randsomware creators are some of the worst scum of the earth. There will be a special place in hell for them. They will be given the option to free themselves from hell when they forced to figure out the decryption word to a 1GB encryption key.
    Reply