Anonymous Programmer ‘Patches’ Petya Ransomware

A ‘patch’ that disarms the Petya ransomware has been posted online by an anonymous programmer. It takes the form of a key generator that exploits weaknesses in the way the malware encrypts the disk structures Windows needs in order to start up, producing the password an infected machine asks for at its pre-boot prompt.

It’s thought that the developer, who goes by the Twitter handle @leo_and_stone, produced the key generator to help his father-in-law unlock his computer, which had been hit by the malware.

Scammed

Petya, which first emerged in March, infected victims by hiding in documents attached to emails purporting to come from people looking for work.

Unlike typical ransomware strains, which leave the PC operational but encrypt individual files, Petya crashed the computer and, on reboot, replaced the hard drive’s boot record with its own bootloader and encrypted the master file table (MFT). The files themselves were left in place, but without the MFT the file system is unreadable, so the machine is left stuck at a pre-boot ransom screen.

The malware would demand a ransom of 0.9 bitcoins (£265) to free the device: victims had to pay, receive a password, and type it into the pre-boot prompt displayed by the malware’s bootloader.

Ransomware

The anonymous researcher discovered that the ransomware, unlike most malware, did not contact an external server, meaning the encryption process is entirely self-contained: the key never leaves the machine, so everything needed to recover it is on the infected disk. He or she then developed a way to employ genetic algorithms to crack the ransomware, and created two websites where victims can obtain the decryption password.

However, users looking to recover from Petya still need to carry out some fairly involved steps to extract the required data from their hard drive, which means removing the infected drive and attaching it to another computer.

An external tool which scans attached drives for Petya infections and automates extraction of the data the key generator needs can then be used. Once the website has returned the password, the drive is re-attached to the original machine and the password entered at the pre-boot prompt to decrypt the MFT.
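As an added illustration of the extraction step, not code from the article or from the tool it describes, the script below reads the raw sectors a key generator of this kind needs from a disk image (or an attached drive opened read-only) and base64-encodes them. The sector and offset numbers, and the assumption that the verification block is 512 bytes of 0x37 before encryption, are taken from public analyses of the 2016 Petya bootloader, not from the article; treat them as assumptions and adjust for your sample. The script does not fingerprint the infection itself; it only checks that the image carries a valid boot signature and that the sectors are present.

```python
"""Pull the nonce and verification block a Petya key generator needs from a raw disk image."""
import base64
import io
import sys

SECTOR_SIZE = 512

# Layout ASSUMED here (from public write-ups of the 2016 Petya bootloader; the
# article does not name these offsets). Adjust if your sample differs.
CONFIG_SECTOR = 54      # configuration block written by the Petya bootloader
NONCE_OFFSET = 33       # 8-byte nonce inside the configuration block
NONCE_LEN = 8
VERIFY_SECTOR = 55      # 512-byte block the bootloader decrypts to test a key
VERIFY_FILL = 0x37      # assumed plaintext value of every byte in that block


def read_sector(disk, index):
    """Return one 512-byte sector from a file-like object opened in binary mode."""
    disk.seek(index * SECTOR_SIZE)
    data = disk.read(SECTOR_SIZE)
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"sector {index} is truncated ({len(data)} bytes)")
    return data


def extract_petya_data(disk):
    """Return the nonce and verification block as base64, plus a plaintext flag.

    verification_is_plaintext is True when the block still holds its fill
    byte, i.e. the second stage never ran and the MFT was not encrypted.
    """
    mbr = read_sector(disk, 0)
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 lacks the 0x55AA boot signature; not a bootable image")
    config = read_sector(disk, CONFIG_SECTOR)
    verify = read_sector(disk, VERIFY_SECTOR)
    nonce = config[NONCE_OFFSET:NONCE_OFFSET + NONCE_LEN]
    return {
        "nonce_b64": base64.b64encode(nonce).decode("ascii"),
        "verification_b64": base64.b64encode(verify).decode("ascii"),
        "verification_is_plaintext": all(b == VERIFY_FILL for b in verify),
    }


def extract_from_bytes(image):
    """Convenience wrapper for an in-memory image."""
    return extract_petya_data(io.BytesIO(image))


def build_sample_image(nonce, verify_block):
    """Constructed 64-sector test image (not a real sample): boot signature,
    nonce and verification block placed at the assumed offsets."""
    image = bytearray(64 * SECTOR_SIZE)
    image[510:512] = b"\x55\xaa"
    start = CONFIG_SECTOR * SECTOR_SIZE + NONCE_OFFSET
    image[start:start + NONCE_LEN] = nonce
    vstart = VERIFY_SECTOR * SECTOR_SIZE
    image[vstart:vstart + SECTOR_SIZE] = verify_block
    return bytes(image)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # e.g. a dd image of the infected disk, or the raw device node (read-only)
        with open(sys.argv[1], "rb") as disk:
            result = extract_petya_data(disk)
    else:
        sample = build_sample_image(b"\x01" * NONCE_LEN, bytes([0x5A]) * SECTOR_SIZE)
        result = extract_from_bytes(sample)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against a dd image of the removed drive rather than the live device where possible, and mount nothing: the point of the exercise is to read two sectors, not to let the host touch the disk. If the verification block comes back as plaintext, the MFT was never encrypted and no key is needed; the original boot record still has to be restored, which this script does not do.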

Ransomware has become an increasingly popular tactic for cybercriminals in recent years, as they can target large numbers of users for a quick financial return.

Researchers at security firm Trend Micro revealed last month that there were as many ransomware-related infections found in February this year as in the first six months of last year combined.

The company found that there were more than twice as many infections last month as in the entire first three months of 2015, and that January and February 2016 together already account for more than triple the infection count for the first three months of last year.


Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
