Skip to main content
  1. Home
  2. Computing
  3. News

Has Petya ransomware locked you out of your PC? A new tool can let you back in

Bruce Brown
By

NotPetya ransomware
Experts share how to recapture your data without paying ransomware Trend Micro
If you unwittingly fell victim to the Petya ransonware, there’s a way to get your data back without paying hundreds of dollars. The solution may not be effective in defeating future Petya code if the code is changed in the future, but it works with the current version, according to BleepingComputer.com.

When your computer is hijacked by Petya, the entire drive isn’t encrypted. The actual area that’s encrypted and effectively renders your system useless until unlocked is a specific segment on the drive. The boot sectors hold information needed to fully operate and access all the data on your computer, and that’s what the malware locks down. When you enter the decryption code the Petya developers want you to purchase, the boot sector information is un-encrypted and everything is put back to normal.

Recommended Videos

But you don’t have to pay the ransom. If you’re comfortable removing your hard drive, attaching it to another Windows computer, and downloading and running free utilities created by two Twitter users, you can do it all yourself.

Related

First, remove your encrypted hard drive and attach it as a non-boot drive to a second computer.

The data you need to find the Petya boot information is a 512-byte string starting at sector 55 (0x37h) with an offset of 0 and the 8 byte nonce from sector 54 (0x36) offset: 33 (0x21). Of course, finding that yourself won’t be easy. You’ll want a utility created by Fabian Wosar, whose Twitter handle is @fwosar. Download his Petya Sector Extractor utility, save the zip file to your desktop, extract the file, and the run PetyaExtractor.exe. This program searches the required sectors of your drive to find the proper string of data.

The next step is to go to either of two websites created by Twitter user @leostone. With your browser go here or here. When you open either of @leostone’s sites you’ll see a screen with two boxes for information generated by Fabian Wosar’s extractor utility. Use cut and paste to enter the data in the boxes on either of the websites. Click the Submit button and your decryption key will be generated. Write it down.

The last step involves re-attaching your original hard drive to the infected computer, and re-starting. When you see the Petya screen, enter the key you wrote down. It should be accepted, and your computer should immediately start decrypting. It soon will be as it was before you were infected.

Detailed instructions for the above process are available at BleepingComputer.com. If you find these steps daunting, your best bet will be to call local computer support firms, and find one familiar with this process.

This method of defeating Petya works for now. If the code is changed to subvert this rescue procedure, hopefully people like @leostone and Fabian Wosar can help again.

Editors' Recommendations

Topics
Bruce Brown
Bruce Brown
Contributing Editor
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
Malware has a terrible new way to get to your computer
A villager looks at a sunset.

You've heard of malware spreading through spammy emails and mysterious links on strange websites. But now there's a new avenue of attack for bad actors to take -- and it's via Minecraft. Yes, you read it correctly. The open-world building game loved by seven-year-olds around the globe is quickly becoming a favorite method for spreading malware.

As reported by Bleeping Computer, Kaspersky Labs researched the phenomena from July 2021 until July 2022, and it found that in-game malware accounted for a significant amount of the malware that was spread in that time. Although there was a 30% drop in malware attacks in that year when compared to 2020, the amount of gaming-related malware actually increased. Minecraft on PC was the preferred vector.

Read more
This game lets hackers attack your PC, and you don’t even need to play it
Genshin Impact characters.

Hackers have been abusing the anti-cheat system in a massively popular game, and you don't even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game's anti-cheat measures in order to disable antivirus programs on the target machine. From there, they're free to conduct ransomware attacks and take control of the device.

Read more
Oh great, new malware lets hackers hijack your Wi-Fi router
The Linksys Hydra 6 dual-band mesh WiFi 6 router.

As if you didn't already have enough to worry about, a new report finds hackers are targeting home Wi-Fi routers to gain access to all your connected devices.

The report comes from Black Lotus Lab, a security division of Lumen Technologies. The report details several observed real-world attacks on small home/home office (SOHO) routers since 2020 when millions of people began working from home at the start of the COVID 19 pandemic.

Read more