[News] Petya ransomware author releases master decryption key
The author of the original Petya ransomware — a person/group going by the name of Janus Cybercrime Solutions — has released the master decryption key of all past Petya versions.
This key can decrypt all ransomware families part of the Petya family except NotPetya, which isn't the work of Janus. This list includes:
⩥ First Petya ransomware version (flashed white skull on red background during boot-up screens)
⩥ Second Petya version that also included Mischa ransomware (flashed green skull on black background during boot-up screens)
⩥ Third Petya version, also known as GoldenEye ransomware (flashed yellow skull on black background during boot-up screens)
Download link
Malwarebytes security researcher Hasherezade cracked the file yesterday and shared its content:
Quote:
Kaspersky Lab security researcher Anton Ivanov tested and confirmed the master key's validity.

This key is the private (server-side) key used during the encryption of past Petya versions. Decrypters can be built that incorporate this key. In the past, security researchers have cracked Petya encryption on at least two occasions [1, 2], but with the private key in the open, decrypters will recover files much faster than the previously known methods.

Unfortunately, this decryption key won't be as useful as many people think. Most (original) Petya campaigns happened in 2016, and very few campaigns have been active this year. Users that had their files locked have wiped drives or paid the ransom many months before. The key will only help those victims who cloned their drives and saved a copy of the encrypted data.

Decryption key is useless for NotPetya victims

This key won't help NotPetya victims because the NotPetya ransomware was created by "pirating" the original Petya ransomware and modifying its behavior by a process called patching. NotPetya used a different encryption routine and was proven to have no connection to the original Petya.

In 2016, Janus had been very active on Twitter while promoting a Ransomware-as-a-Service (RaaS) portal where other crooks could rent access to the Petya+Mischa ransomware combo. Janus became active in 2017 after a long period of silence just to deny any involvement with the NotPetya outbreak.

Hasherezade believes that Janus released Petya's decryption key as a result of the recent NotPetya outbreak, and he might have decided to shut down his operation.

Janus is not the first ransomware author/group who released his master decryption key. The TeslaCrypt group did the same in the spring of 2016. Last year, Janus also hacked the servers of a rival ransomware author — Chimera ransomware — and dumped his decryption keys.
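CR https://www.bleepingcomputer.com/ne...decryption-key/

The author behind the Petya ransomware has published the master decryption key. The master key can decrypt all versions of the Petya ransomware, except the recently widespread NotPetya. NotPetya disguises itself as Petya ransomware; its purpose is believed to be data destruction, and it is essentially unrelated to Petya.

The Petya author uploaded the master key to the file-sharing site Mega. Security researchers have confirmed the key's authenticity. Experts believe the Petya author's motive for publishing the master key was to distance himself from the NotPetya attack, to avoid being investigated after the NotPetya attack or accused of launching it.

CR AntiVirus |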
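It's funny, really.
This one only released it because he's afraid of being implicated and getting a knock on the door. Still a damnable person x |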
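I don't get it. He's already done it, and he's still afraid of getting caught @@!? Besides, I haven't heard of any ransomware group getting arrested.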
|
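I've heard before that ransomware makers release the keys and quit once they've made enough money, similar to the earlier self-destruct circuit.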
|
He did a pile of bad things, and now he wants to walk away and whitewash himself. What kind of logic is that!!
|
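Quote:
So did the earlier ones never make enough? I still have a machine hit by cryptolocker that hasn't been decrypted, though I forget whether it was a variant. |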
A quiet question: how do I use this key to decrypt the encrypted files? Thanks :shy:
|
Quote:
Take a look at this for reference. http://www.ithome.com.tw/news/105247 If you're an ESET user, they have released a decryption tool. http://www.eset.tw/html/86/201606271/ :) :) :) |
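Quote:
Not every one of them wants to release it. This one is obviously afraid of being dragged down by the other one imitating him, so he hurried to release the decryption to cut ties. |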
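Quote:
It's not easy to get caught, but some have been caught. Otherwise security companies like Kaspersky and Trend Micro wouldn't have been able to release decryption tools earlier (working with the police). This ransomware's author probably didn't expect someone to imitate him, and is afraid that walking too many dark roads at night will get him in trouble xd |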