{"id":7036,"date":"2016-04-12T02:57:55","date_gmt":"2016-04-12T06:57:55","guid":{"rendered":"https:\/\/kasperskydaily.com\/uk\/?p=7036"},"modified":"2019-11-22T10:10:50","modified_gmt":"2019-11-22T10:10:50","slug":"petya-decryptor","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/petya-decryptor\/7036\/","title":{"rendered":"Ransomware bug leads to Petya decryptor"},"content":{"rendered":"<p>Typically we don\u2019t cheer bugs. However, today we\u2019ll make an exception.<br>\nYou see a bug or flaw in the code for Petya ransomware has allowed a developer to create a tool to unlock a user\u2019s device without paying the ransom.<\/p>\n<p>Last month, we alerted you about Petya and it\u2019s pension to destroy devices. So I\u2019d say that a cheer or Internet high-five is well deserved for the user identified as @Leostone on Twitter.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Hurray!!! Its official, the found key is working!!!<br>I'll update the github with the genetic version, keys will be found in less than a min:)<\/p>\n<p>\u2014 leostone (@leo_and_stone) <a href=\"https:\/\/twitter.com\/leo_and_stone\/status\/718533591240675335?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 8, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>With the avatar being an egg, one would have to wonder \u2013 does this decryptor actually work? To find out, we reached out to our research team.<br>\nThe team confirmed that the tool actually works. Since they had previously built a similar tool to decrypt CoinVault and Bitcryptor, we asked them if they\u2019d be making another decryptor. They replied, \u201cno, because everything is made in Goprograming language and is using a third party genetic algorithm library. In order to make our own utility, we would have to reverse engineer and rewrite the program. This is a lot of work.\u201d<br>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7038\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2016\/04\/05193946\/Petya-sot.png\" alt=\"Petya sot\" width=\"991\" height=\"599\"><br>\nThe team then close the chat by noting that this tool exploits a flaw in the Petya programming. Much like companies with patches, the researchers note that in a week or so, we will see a newer revision of Petya that fixes the flaw that allows the data to be decrypted.<br>\nIf you\u2019ve fallen victim to Petya and don\u2019t want to pay the ransom of approximately $480, you may want to give the tool a try, you can access the site <a href=\"https:\/\/petya-pay-no-ransom.herokuapp.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A bug in Petya ransomware has led to a decryptor that can help those impacted.<\/p>\n","protected":false},"author":636,"featured_media":7037,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2026,9],"tags":[1412,1374,441,1413],"class_list":{"0":"post-7036","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"category-tips","10":"tag-patya-ransomware","11":"tag-petya","12":"tag-ransomware","13":"tag-ransomware-decryptor"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/petya-decryptor\/7036\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/petya-decryptor\/5415\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/petya-decryptor\/7012\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/petya-decryptor\/6950\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/petya-decryptor\/8091\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/petya-decryptor\/7945\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/petya-decryptor\/11585\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/petya-decryptor\/11819\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/petya-decryptor\/5521\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/petya-decryptor\/6161\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/petya-decryptor\/7383\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/petya-decryptor\/10990\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/petya-decryptor\/11585\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/petya-decryptor\/11819\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/petya-decryptor\/11819\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/patya-ransomware\/","name":"Patya Ransomware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/7036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=7036"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/7036\/revisions"}],"predecessor-version":[{"id":17751,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/7036\/revisions\/17751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/7037"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=7036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=7036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=7036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}