Recovery from Petya ransomware

Victims of the Petya ransomware will be pleased to learn that there is a method to recover your files without having to connect the drive to a different computer. (I was unable to follow the original link to the sites put up by the author [1],[2] since they apparently are subject to time quota.)

Our own Hasherezade, who posted an in-depth analysis of Petya a few weeks ago and has written about many other malware families on our blog, has come up with a method that is much easier to perform. You can read about the method and her work in progress on her personal blog, where she explains the best course of action if you fall victim to this ransomware. To illustrate the procedure she has also made a video and posted it on YouTube.

Hasherezade uses a bootable Kali Linux DVD to run the tools needed to recover the decryption key, regardless of whether the infected computer has been rebooted. It is easier if the computer did not reboot after getting infected, so we recommend disabling “Automatic Restart on System Failure”. As Hasherezade points out, it is recommended to make a full dump of the affected disk first and to trial the method on that dump. Once you are sure you have the correct key, you can apply it to the compromised system itself.
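The "full dump of the affected disk" step above is the one that protects the evidence if a recovery attempt goes wrong. The following shell script is an added example of how to take and verify such a dump from a live environment; it is not part of the original post and not one of Hasherezade's tools. It assumes it runs as root from the live DVD, that the affected disk is not mounted, and that an external target with enough free space is available; `/dev/sdX` and `/mnt/evidence` are placeholders for the affected disk and that target.

```shell
#!/bin/sh
# Added example (not from the original post or hasherezade's tools):
# take a full, verified image of the affected disk before trying any
# key-recovery procedure, so the method is trialled on the copy and the
# original disk stays untouched.
#
# Assumptions: run as root from a live environment (the post uses a Kali
# Linux DVD); the affected disk is NOT mounted; an external target with
# enough free space exists. /dev/sdX and /mnt/evidence are placeholders.

# image_disk SOURCE IMAGE
# Copies SOURCE bit-for-bit to IMAGE, records the SHA-256 of both, makes
# the image read-only, and returns 0 only if the two digests match.
image_disk() {
    src="$1"
    img="$2"

    # Plain dd (no conv=noerror) so that a read error aborts loudly instead
    # of silently producing a zero-padded image. For a disk with failing
    # sectors use GNU ddrescue instead of dd.
    dd if="$src" of="$img" bs=1M || return 1

    # Hash source and image independently; the image is only trustworthy
    # if the digests agree. Each digest is stored in sha256sum's own format.
    src_hash=$(sha256sum "$src" | cut -d ' ' -f 1)
    img_hash=$(sha256sum "$img" | cut -d ' ' -f 1)
    printf '%s  %s\n' "$src_hash" "$src" > "$img.source.sha256"
    printf '%s  %s\n' "$img_hash" "$img" > "$img.sha256"

    # Read-only so that later tooling cannot modify the image by accident.
    chmod 0444 "$img" || return 1

    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMAGE
# Recomputes the image digest and compares it with the recorded one; run
# this after each recovery attempt to prove the copy was not altered.
verify_image() {
    img="$1"
    [ -r "$img.sha256" ] || return 1
    expected=$(cut -d ' ' -f 1 "$img.sha256")
    actual=$(sha256sum "$img" | cut -d ' ' -f 1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Typical use from the live DVD (placeholder paths; not executed here):
#   image_disk /dev/sdX /mnt/evidence/petya-victim.img
#   verify_image /mnt/evidence/petya-victim.img
# The key-recovery tooling is then pointed at the .img file (for example
# attached read-only with `losetup -r`) rather than at /dev/sdX itself.
```

Keep the `.sha256` files with the image: re-running `verify_image` after every recovery attempt is what lets you state with confidence that the copy you tested on is still identical to the original disk.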

By next week we expect to have an integrated application with no need to use the external webapp.