*Suspended*
Join date: Oct 2016
Posts: 63
[News] Petya ransomware author releases master decryption key
The author of the original Petya ransomware — a person/group going by the name of Janus Cybercrime Solutions — has released the master decryption key of all past Petya versions.
This key can decrypt all ransomware families part of the Petya family except NotPetya, which isn't the work of Janus. This list includes:
⩥ First Petya ransomware version (flashed white skull on red background during boot-up screens)
⩥ Second Petya version that also included Mischa ransomware (flashed green skull on black background during boot-up screens)
⩥ Third Petya version, also known as GoldenEye ransomware (flashed yellow skull on black background during boot-up screens)
Download link
Malwarebytes security researcher Hasherezade cracked the file yesterday and shared its content:
Quote:
Kaspersky Lab security researcher Anton Ivanov tested and confirmed the master key's validity.

This key is the private (server-side) key used during the encryption of past Petya versions. Decrypters can be built that incorporate this key. In the past, security researchers have cracked Petya encryption on at least two occasions [1, 2], but with the private key in the open, decrypters will recover files much faster than the previously known methods.

Unfortunately, this decryption key won't be as useful as many people think. Most (original) Petya campaigns happened in 2016, and very few campaigns have been active this year. Users that had their files locked have wiped drives or paid the ransom many months before. The key will only help those victims who cloned their drives and saved a copy of the encrypted data.

Decryption key is useless for NotPetya victims

This key won't help NotPetya victims because the NotPetya ransomware was created by "pirating" the original Petya ransomware and modifying its behavior by a process called patching. NotPetya used a different encryption routine and was proven to have no connection to the original Petya.

In 2016, Janus had been very active on Twitter while promoting a Ransomware-as-a-Service (RaaS) portal where other crooks could rent access to the Petya+Mischa ransomware combo. Janus became active in 2017 after a long period of silence just to deny any involvement with the NotPetya outbreak.

Hasherezade believes that Janus released Petya's decryption key as a result of the recent NotPetya outbreak, and he might have decided to shut down his operation.

Janus is not the first ransomware author/group who released his master decryption key. The TeslaCrypt group did the same in the spring of 2016. Last year, Janus also hacked the servers of a rival ransomware author — Chimera ransomware — and dumped his decryption keys.
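CR https://www.bleepingcomputer.com/ne...decryption-key/

The author behind the Petya ransomware has published the master decryption key. The master key can be used to decrypt all versions of the Petya ransomware, except for the recently widespread NotPetya. NotPetya disguises itself as Petya ransomware; its purpose is believed to be data destruction, and it is essentially unrelated to Petya.

The Petya author uploaded the master key to the file-sharing site Mega. Security researchers have confirmed the key's authenticity. Experts believe the Petya author's motive for publishing the master key is to distance himself from the NotPetya attack, to avoid being investigated after the NotPetya attack or being accused of launching it.

CR AntiVirus
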
Elite Member
Join date: Aug 2003
Posts: 10,523
Funny, really.
He only released it because he's afraid of being implicated and getting a visit from the police. Still a damned scumbag.

Major Member
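Join date: Jun 2009 Location: A homebody stays holed up at home, of course
Posts: 223
I don't get it. They've already done it, and they're still afraid of getting caught @@!? Besides, I haven't heard of any ransomware group getting caught.
__________________
This is a world where even if you work hard, you won't necessarily succeed~~~~~~~~~
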
Senior Member
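Join date: Mar 2012 Location: Earth
Posts: 1,303
I've heard before that once ransomware makers have earned enough, they release the keys and quit, similar to the earlier self-destruct circuit.
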
Basic Member
Join date: Nov 2001
Posts: 15
Did a pile of bad things and now wants to walk away and whitewash himself. What kind of logic is that!!

Elite Member
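Join date: Feb 2004 Location: Taipei
Posts: 4,272
Quote:
So did the earlier ones all not earn enough? I still have one machine hit by cryptolocker that hasn't been decrypted yet, though I forget whether it was a variant.
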
Elite Member
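Join date: Aug 2004
Posts: 5,682
Quietly asking: how do I use this key to decrypt the encrypted files? Thanks.
__________________
A household that does good will have blessings to spare; a household that accumulates evil will have misfortune to spare. Heaven's justice is plain and retribution never fails; do no evil and practice all that is good. With a cause but no conditions, the result does not appear; when causes and conditions come together, karmic retribution arrives. Good is rewarded with good and evil with evil; it is not that there is no retribution, only that the time has not yet come. Keep concentration and wisdom in balance and practice diligently; hold good thoughts, do good and give generously. May the heavens guard and the Buddhas protect, may calamities be dispelled and misfortune turn to good fortune. Amitabha
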
*Suspended*
Join date: Apr 2015
Posts: 1,577
Quote:
Take a look at this for reference. http://www.ithome.com.tw/news/105247 If you're an ESET user, they have released a decryption tool. http://www.eset.tw/html/86/201606271/

Elite Member
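Join date: Aug 2003
Posts: 10,523
Quote:
Not every one of them wants to release it. This one is obviously afraid of being dragged down by the other one imitating him, so he rushed to release the decryption key to cut ties.
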
Elite Member
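Join date: Aug 2003
Posts: 10,523
Quote:
It's not easy to catch them, but some have been caught. Otherwise security companies like Kaspersky and Trend Micro wouldn't have been able to release decryption tools earlier (working with the police). The author of this ransomware probably never expected someone to imitate him, and is afraid that after walking too many dark roads at night something will happen to him xd
This post was edited by cys070 on 2017-07-13 05:36 PM.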