‘Encryption by Petya-ransomware in some cases, reversible’
Files that are encrypted by the ransomware Petya, that last month a lot of companies in Ukraine and other countries took, may in some cases be ‘saved’.
That, say researchers from the security firm Postitive Technologies.
The Petya-malware uses various encryption methods, depending on the security of the affected computers. If the virus administrator could get, was the so-called Salsa20 algorithm is used.
In the implementation thereof, it appears that the creators of the virus, several errors have made, which makes the encryption reversible seems to be.
The researchers warn that this is still a complicated and relatively long process. We be able can companies that specialize in recovering data in the future an automated solution. It is unclear what percentage of all affected computers would help by such software.
Recently, I went into the alleged creators of Petya. They said the files can decrypt them on payment of 100 bitcoin (over 200,000 euro). It is unclear whether companies already on this offer will be entered and or the blackmailers actually the required key in their hands.
You need to know about Petya, the ‘cyber attack disguised as ransomware