A patch that disarms the Petya ransomware has been posted online by an anonymous programmer and includes a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up.
It’s thought that the developer, who goes by the Twitter handle @leo_and_stone, produced the key generator to help his father-in-law unlock his computer, which had been hit by the malware
Unlike typical ransomware strains, which leave the PC operational but encrypt all files, Petya crashed the computer, and upon rebooting, would alter the hard drive’s boot record and encrypt the entire hard drive, catching the device in a pre-boot stage.
The malware would demand a ransom of 0.9 bitcoins (£265) to free the device, with victims needing to pay the ransom and enter the password they received inside the pre-boot command-line.
The anonymous researcher discovered that the ransomware did not broadcast to an external server, unlike most malware, meaning that the encryption process is all self-contained on the system. He or she then developed a way to employ genetic algorithms to crack the ransomware, and created two websites where victims can obtain the decryption password.
However, users looking to remove Petya will still need to carry out some complex steps in order to extract some information from their hard drive, which involves attaching the infected drive to another computer.
Then, by using an external tool which scans hard drives for Petya infections and automates the process of extracting the information needed to crack the ransomware, the drive can be cleaned and re-attached to the original device.
Ransomware has become an increasingly popular tactic for cybercriminals in recent years, as they can target large numbers of users for a quick financial return.
Researchers at security firm Trend Micro revealed last month that there were more ransomware-related infections found in February this year as the first six months of last year in total.
The company found that there were more than twice as many infections last month than in the entire first three months of 2015, and that the combination of January and February 2016’s tally is already more than triple the infection count for the first three months of last year.
Are you a security pro? Try our quiz!
AI push sees Alphabet's Google saying it will consolidate its AI teams in its Research…
Beijing orders Apple to pull Meta's WhatsApp and Threads from its Chinese App Store over…
Key milestone sees Intel Foundry assemble ASML's new “High NA EUV” lithography tool, to begin…
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…