The notorious 'Petya' crypto-ransomware, which can lock down entire computer networks for extortion-based cybercrime schemes, has been cracked open by a computer programmer – meaning any system infected with the Trojan can now be unlocked without sending bitcoin to the hackers.
Uploaded to GitHub by a user under the name Leo-Stone, the tool contains an algorithm that is able to generate the decryption key needed to reaccess locked files. Additionally, the process was verified by separate security researchers, who were able to extract the key in under ten seconds.
The process itself may at first appear complex, according to security researcher Lawrence Abrams. "To use Leo-Stone's decryption tool you will need attach the Petya-affected drive to another computer and extract specific data from it," he said. "Unfortunately, for many victims extracting this data is not an easy task." Luckily, Abrams has uploaded a step-by-step guide on how to use the crypto-ransomware algorithm.
Ransomware has become an effective – and ruthless – cybercrime tool, and is increasingly being used to extort money out of individual internet users, large firms and critical infrastructure. Recently, a slew of hospitals in the US had their crucial computer systems held to ransom. In one landmark case, a healthcare institution paid $17,000 (£11,800) to decrypt its computers after patients were left at risk.
Petya emerged as a competent ransomware tool in March this year. As outlined by Trend Micro researcher Jasen Sumalapaoat at the time, Petya could spread via legitimate cloud services like Dropbox, alongside more traditional methods such as malware-ridden email spam. The tool's signature was a large red skull-and-crossbones image that would appear on an infected system's screen. In return for access to the locked files, the operators would demand 0.9 bitcoins, equivalent to £260.
However, with this new tool, users that follow the steps have a real chance of circumventing the payment process. "What is unique about Petya ransomware and this new decryption tool is the ability to recover files without paying bitcoins," said Tim Stiller, senior systems engineer with security firm Rapid7. "Many ransomware variants go to great lengths to thwart the user from decrypting the files without paying the ransom. In Petya's case the disk was encrypted with just a single key. While the description technique for decryption can be a bit complex for some, it works. For victims infected with Petya, this tool is very helpful at recovering their data."