
Decryption Key For Petya Ransomware is now Available


The master key to the original version of the Petya ransomware – not to be confused with the latest and massive Petya/ExPetr outbreak that swept through Ukraine and parts of Europe last month – has been released, allowing all the victims of previous Petya attacks to unscramble their encrypted files.



According to researchers, the author of the original Petya ransomware, who goes by the pseudonym Janus, made the key available on Wednesday.

“Similarly to the authors of TeslaCrypt, (Janus) released his private key, allowing all the victims of the previous Petya attacks, to get their files back,” wrote Hasherezade, a researcher for Malwarebytes who posted her finding on Thursday.

Researchers at Kaspersky Lab analyzed the master key and found that it can be used to unlock not just the Petya ransomware but also the early versions of the GoldenEye ransomware.

“They have published their Petya master key works for all versions including the GoldenEye,” tweeted Ivanov.

The GoldenEye ransomware was created by the makers of Petya in 2016. It was the fourth version based on the Petya code. The compiled application was stolen this year and later modified by another malware creator.

The latest version of the malware is based on the pirated GoldenEye code, which was believed to have been used in last month’s wiper outbreak that originated in Ukraine. Unlike the previous versions, this latest version lacked the ability to decrypt the affected systems and was considered wiper malware. It goes by various names such as NotPetya, Eternal Petya, ExPetr, and sometimes GoldenEye, Hasherezade said.



Petya is crypto-malware that is known for targeting a victim’s Master Boot Record instead of files stored on the computer, network shares or backups that the computer may have access to. The ransomware has demanded around $400 in Bitcoin for the decryption key.

So, what do you guys think about this? Let us know in the comment box below.
