Technology

Petya victims given hope by researchers

A security firm says it has managed to decrypt files damaged by the recent Petya ransomware attack, on one infected computer.

The cyber-attack caused havoc for businesses around the globe, but mainly in Ukraine.

The potential solution only works if the ransomware secured administration privileges to the machine.

However Positive Technologies said the concept is currently too technical for most average computer users to run.

“Once you have a proof of concept of how data can be decrypted, the information security community can take this knowledge and develop automatic tools, or simplify the methodology of getting the encryption reversed,” said the firm’s Dan Tara.

The company says in a blog that the creators of the ransomware made mistakes in programming the encryption algorithm Salsa 20 that was used with administration rights.

Mr Tara said his team had not expected to get this result when it started investigating the outbreak.

“Recovering data from a hard drive with this method requires applying heuristics, and may take several hours,” said Head of Reverse Engineering Dmitry Sklyarov.

“The completeness of data recovery depends on many factors (disk size, free space, and fragmentation) and may be able to reach 100% for large disks that contain many standard files, such as OS [Operating Systems] and application components that are identical on many machines and have known values.”

Advertisement

  • 299711-standard-chartered-e1481281332644.jpg
  • 14650115595600640854.jpg
  • 1-ProspectingDisplay_GroceryList_250x250.jpg

Advertisement

  • 14650115595600640854.jpg
  • 5033859989409811240.jpg
  • 6203732974878153276.jpg

Advertisement

  • 80151048_025326500.jpg
  • 5033859989409811240.jpg
  • 3d65f5e0-cadc-42e3-9a88-29449e0b220e.gif