Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experts Crack Petya Ransomware, Enable Hard Drive Decryption For Free

Posted by msmash on from the a-day-late-and-a-dollar-short? dept.

Reader itwbennett writes: Petya appeared on researchers' radar last month when criminals distributed it to companies through spam emails that masqueraded as job applications. It stood out from other file-encrypting ransomware programs because it overwrites a hard drive's master boot record (MBR), leaving infected computers unable to boot into the operating system. Now, security experts have devised a method that, while not exactly straightforward, allows users to recover data from computers infected with the ransomware without paying money to cyber criminals. Folks over at BleepingComputer have confirmed that the aforementioned technique works.

2 of 49 comments (clear)

  1. Refund policy? by safetyinnumbers · · Score: 5, Funny

    I hope that they'll offer at least a partial refund to anyone who's paid in the last 30 days.

  2. The key isn't stored, a yes/no is. Like MD5 by raymorris · · Score: 5, Informative

    If you're familiar with an MD5 hash, that's what's stored on the drive. Except it's a slightly different version than MD5.

    If you're NOT familiar with MD5, I'll try to explain it a bit. The malware author wanted to handle the key being entered incorrectly, to have an error message saying "that's not the correct key". Without that error message, a typo while entering the key would result in decrypting the drive incorrectly, permanently destroying the data. So the malware needed a way to determine if the key is correct or not. To determine whether or not a key (or password) is correct without storing it, programmers use something called a hash.

    Here's a really bad hash algorithm, just to demo the concept:
    Where X is the key (a number):
    (square root of X) = 110

    So we store the hash, 110. Someone enters 9 as the key. The malware does the math:
    (square root of 9) + 9 = 12
    Since the hash doesn't match 110, that's the wrong key and it throws an error.

    The hash function I just used is bad because based on the result, 110, you can easily figure out that the key must be 100. The malware used a better hash function, one based on something called "salsa20". However, the hash function they used wasn't very secure. You only have to try maybe a million keys before you find the right one. With CPUs that can try a million keys in just a few seconds, it's easy to find the key which matches the stored hash.