The PETYA ransomware is one of the most recent online threats for PC users. It is malware that overwrites the MBR (Master Boot Record) of your PC, leaving it unbootable and preventing a restart in Safe Mode. Simply put, PETYA is malware that encrypts your PC and demands a ransom for the decryption key.
Petya ransomware password generator & decrypt tool
While it is natural for users to panic in this situation and pay the ransom to get the decryption key, there is, fortunately, a decrypt tool available now. A new Petya password generator has been created to let users decrypt their hard drive without paying any ransom. Yes! You can actually get your PETYA-infected and encrypted disk back without paying a single bitcoin. The method is a bit technical and will not be easy for a non-technical PC user, but it is still worth trying.
How to use Petya ransomware decrypt tool
To start with, you need to extract some data from the PETYA-infected drive by connecting it to another computer. To be precise, you need the 512 bytes of verification data and the 8-byte nonce. You can use a hex editor to get the verification sector and the nonce from the encrypted disk.
Nonce 8-bytes: sector 54 [0x36] offset: 33 [0x21]
Encrypted Verification Sector 512-bytes: sector 55 [0x37] offset: 0 [0x0]
- Save the files as src.txt and nonce.txt.
- Head over to Leostone’s decryption website petya-pay-no-ransom.herokuapp.com to use the genetic solver which gives you the decryption key in just a few seconds.
- This webpage has two fields where you have to paste the requested data from the infected drive.
- Click on ‘Submit’ and wait for a few seconds. The password generator will generate your decryption key.
- Go back to your encrypted disk and enter the generated decryption key when prompted.
- Your drive will be decrypted for free, without paying any ransom.
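The extraction step above can also be scripted instead of done by hand in a hex editor. The following is an added example, not part of Leostone's tool or the original article: it reads the two fields from a read-only image of the infected drive at the sector and offset values listed above and writes src.txt and nonce.txt. The 512-byte sector size, the Base64 encoding of the output files, and all function names are assumptions.

```python
import base64
import os
import tempfile

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors
NONCE_SECTOR, NONCE_OFFSET, NONCE_LEN = 54, 0x21, 8    # values from the article
VERIFY_SECTOR, VERIFY_OFFSET, VERIFY_LEN = 55, 0x0, 512


def read_span(image, sector, offset, length):
    """Read `length` bytes at `offset` inside `sector`; fail on short reads."""
    image.seek(sector * SECTOR_SIZE + offset)
    data = image.read(length)
    if len(data) != length:
        raise ValueError(f"image too short: sector {sector} needs {length} bytes")
    return data


def extract_petya_fields(image_path, out_dir):
    """Copy the nonce and verification sector out of a disk image opened read-only."""
    with open(image_path, "rb") as image:
        nonce = read_span(image, NONCE_SECTOR, NONCE_OFFSET, NONCE_LEN)
        verify = read_span(image, VERIFY_SECTOR, VERIFY_OFFSET, VERIFY_LEN)
    # Assumption: the web form takes Base64 text; the article does not state the encoding.
    for name, blob in (("nonce.txt", nonce), ("src.txt", verify)):
        with open(os.path.join(out_dir, name), "w", encoding="ascii") as fh:
            fh.write(base64.b64encode(blob).decode("ascii"))
    return nonce, verify


def build_sample_image(path):
    """Constructed test image: 56 zeroed sectors with marker bytes at both locations."""
    disk = bytearray(56 * SECTOR_SIZE)
    start = NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET
    disk[start:start + NONCE_LEN] = b"NONCE123"
    disk[VERIFY_SECTOR * SECTOR_SIZE:(VERIFY_SECTOR + 1) * SECTOR_SIZE] = b"\x37" * 512
    with open(path, "wb") as fh:
        fh.write(disk)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "sample.img")
        build_sample_image(img)
        nonce, verify = extract_petya_fields(img, tmp)
        print("nonce:", nonce.hex(), "| verification bytes:", len(verify))
```

Run it against an image file of the infected drive rather than the drive itself, so the original sectors stay untouched if something goes wrong.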
PETYA ransomware infects your computer and leaves no way to interact with the hard drive, but this online tool created by Leostone gives you access back in just a few seconds.
This is what the webpage title on GitHub says: “Get your Petya encrypted disk back, WITHOUT paying ransom!!!”.