Petya ransomware is a nasty piece of malware that, once it infects a machine, completely locks you out of your system. Up to now, most ransomware infections have encrypted individual files located in folders on your machine. You would still be able to log in, but you could not access the files unless you paid the ransom. Petya encrypts what is called the Master Boot Record (MBR) on Windows machines, which locks you out of your entire system. Petya asks for 0.9 bitcoins, which is about $250 or so, to unlock your files. There is never a guarantee, though, that the hacker would release your files after getting your money.
However, the geniuses roaming the Internet have discovered a flaw in Petya and have cracked it, allowing those infected to get their files back for free. The trade-off, however, is that the unlock process is not easy and would be difficult for less-than-technical users, but everyone has an IT geek in their circles somewhere. You can access the tool here and there is an easier process with a program to get the data here.
It needs to be emphasized that if you are infected with Petya or know someone who is, the unlock process is not easy. It requires removing the infected hard drive, creating a removable USB drive and connecting it up to an infection-free Windows machine to run the tool(s) to extract deep hard drive information in order to unlock. If it’s between that process and getting back irreplaceable files, the effort is worth it. You could also pay the ransom, which is a valid option but nothing I would support.
Like all ransomware, viruses, trojans and other malicious infections and software, Petya is a reminder that having an Internet-connected computer does come with extra responsibilities. Naively assuming that nothing can happen to you will bite everyone in the long run. Whether it’s a piece of ransomware or a hardware failure, you will lose data at some point. That is, unless you take a few extra steps to ensure your data is protected, backed up and isolated on a regular basis. Then, if you get into a position like this, you can easily wipe the infection, replace the hard drive and restore with minimal impact.
End of line.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming, system administration and senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.