Security experts are warning that a newly revealed hack designed to let victims of the Petya ransomware decrypt their files might not be useful for much longer.
An unnamed researcher posted their solution to the Github developer site after apparently working on it when their father-in-law’s PC got infected at Easter.
The white hat produced a genetic algorithm that is able to deduce the decryption key needed to unlock a victim's PC within seconds.
However, doing so is apparently far from easy. It requires a user to mount the infected drive on a third-party machine and extract data from two locations on the encrypted disk – the eight-byte nonce and the 512-byte encrypted verification sector – before running them through the algorithm.
“I know the code is a mess, but I was kinda in a hurry,” the researcher wrote on Github.
Security experts welcomed the news but warned that it was not a replacement for best-practice security, which can mitigate the risk of infection in the first place.
“The Petya decryption tool is a very impressive find that uses maths against maths. It’s excellent work and hopefully it will be useful to some of the users affected with Petya. However, I believe we are going to see less and less of these tools coming out in the future,” argued Qualys CTO, Wolfgang Kandek.
“They abuse weaknesses in the coding of the malware, in essence finding a vulnerability in the malware and using it to extract information format. This led to the decryption key being made available. However, just like in ‘normal’ industry sectors, malware developers will look at the exploit and the tool, and then fix the vulnerability in the next release. By definition these tools are single use only.”
Tim Stiller, senior systems engineer at Rapid7, added that organizations should concentrate on preventative measures, such as maintaining recent back-ups of data and avoiding any suspicious-looking emails and attachments.