The original creator of the Petya ransomware, who goes under the alias “Janus”, has released the private key of the infamous Petya malware. This key will help the recovery or decryption of computers infected with Petya. It will not help however, with the decryption of files infected with the more recent variant called “NotPetya”.
Janus has shared the private key with a security researcher at Malwarebytes called “Hasherezade”. She wrote on her Github page that she will start to create a decryption tool whenever she finds the time for it.
“It seems that this is Janus’ private key for all the previous Petyas. This key cannot help in case of EternalPetya, since, in this particular case, the Salsa keys are not encrypted with Janus’ public key, but, instead of this, erased and lost forever.” – Hasherezade
Even though this key will work on a lot of Petya infected machines, we’re not sure if many people are still infected by this. Especially after the havoc it’s new big brother EternalPetya, a synonym for NotPetya, has caused all around the globe. Good news is that Janus has announced that he is willing to help out with the decryption of the EternalPetya software.
Creators of the NotPetya malware have recently released a statement saying they would give the private key for 100 Bitcoin, which is about 230.000 euro. Because often times we can not trust the reliability of these cyber criminals, Motherboard sent an encrypted file their way asking to decrypt it. They successfully got the decrypted file back. This doesn’t necessarily mean that users will be able to get their files back, there are more variables to be taken into consideration.
For now we can only hope for an private key or decryption method for NotPetya. Luckily we have the original Petya creator Janus on our side!