
Has Petya ransomware locked you out of your PC? A new tool can let you back in

If you unwittingly fell victim to the Petya ransomware, there’s a way to get your data back without paying hundreds of dollars. The solution may not be effective against future versions of Petya if the code is changed, but it works with the current version, according to BleepingComputer.com.

When your computer is hijacked by Petya, the entire drive isn’t encrypted. What is encrypted, and what renders your system useless until unlocked, is a specific segment on the drive. The boot sectors hold information needed to fully operate and access all the data on your computer, and that’s what the malware locks down. When you enter the decryption code the Petya developers want you to purchase, the boot sector information is decrypted and everything is put back to normal.

But you don’t have to pay the ransom. If you’re comfortable removing your hard drive, attaching it to another Windows computer, and downloading and running free utilities created by two Twitter users, you can do it all yourself.

First, remove your encrypted hard drive and attach it as a non-boot drive to a second computer.

The data you need to find the Petya boot information is a 512-byte string starting at sector 55 (0x37) with an offset of 0, and the 8-byte nonce from sector 54 (0x36) at offset 33 (0x21). Of course, finding that yourself won’t be easy. You’ll want a utility created by Fabian Wosar, whose Twitter handle is @fwosar. Download his Petya Sector Extractor utility, save the zip file to your desktop, extract the file, and then run PetyaExtractor.exe. This program searches the required sectors of your drive to find the proper string of data.

The next step is to go to either of two websites created by Twitter user @leostone. With your browser go here or here. When you open either of @leostone’s sites you’ll see a screen with two boxes for information generated by Fabian Wosar’s extractor utility. Use cut and paste to enter the data in the boxes on either of the websites. Click the Submit button and your decryption key will be generated. Write it down.

The last step involves re-attaching your original hard drive to the infected computer, and re-starting. When you see the Petya screen, enter the key you wrote down. It should be accepted, and your computer should immediately start decrypting. It soon will be as it was before you were infected.
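The extraction step described above, as an added Python example (not Fabian Wosar's utility and not code from the article): it reads the two spans from a raw disk image opened read-only. The 512-byte sector size, the function names and the sample image are assumptions constructed for illustration.

```python
import os
import tempfile

SECTOR_SIZE = 512          # assumption: 512-byte logical sectors
DATA_SECTOR, DATA_OFFSET, DATA_LEN = 55, 0, 512     # values from the article
NONCE_SECTOR, NONCE_OFFSET, NONCE_LEN = 54, 33, 8   # values from the article


def read_span(handle, sector, offset, length):
    """Read `length` bytes at `offset` inside `sector`; fail on short reads."""
    handle.seek(sector * SECTOR_SIZE + offset)
    chunk = handle.read(length)
    if len(chunk) != length:
        raise ValueError(f"image too short: sector {sector} needs {length} bytes, got {len(chunk)}")
    return chunk


def extract_petya_fields(image_path):
    """Return (data, nonce) from a raw disk image opened read-only."""
    with open(image_path, "rb") as handle:   # never open the affected disk for writing
        data = read_span(handle, DATA_SECTOR, DATA_OFFSET, DATA_LEN)
        nonce = read_span(handle, NONCE_SECTOR, NONCE_OFFSET, NONCE_LEN)
    return data, nonce


def build_sample_image(path, sectors=64):
    """Write a constructed image: zeros, with marker bytes at the two spans."""
    image = bytearray(sectors * SECTOR_SIZE)
    image[55 * SECTOR_SIZE:56 * SECTOR_SIZE] = bytes(range(256)) * 2
    image[54 * SECTOR_SIZE + 33:54 * SECTOR_SIZE + 41] = b"NONCE123"
    with open(path, "wb") as handle:
        handle.write(image)


def demo():
    """Run the extraction against the constructed image; return hex strings."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.img")
        build_sample_image(path)
        data, nonce = extract_petya_fields(path)
    return data.hex(), nonce.hex()


if __name__ == "__main__":
    data_hex, nonce_hex = demo()
    print("nonce:", nonce_hex)
    print("data :", data_hex[:32], "...")
```

Working from an image of the drive rather than the drive itself keeps the encrypted sectors untouched if the recovery attempt has to be repeated.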

Detailed instructions for the above process are available at BleepingComputer.com. If you find these steps daunting, your best bet will be to call local computer support firms, and find one familiar with this process.

This method of defeating Petya works for now. If the code is changed to subvert this rescue procedure, hopefully people like @leostone and Fabian Wosar can help again.

Bruce Brown