The Petya malware had most of the data of the business sector of Ukraine encrypted. It had created hustle bustle situation in Ukraine. Looking at the devastating effect of the cyber attack, a group of researchers from a security-based firm has found out a solution of decrypting files damaged by the ransomware. The infected computers hope to be recovered sooner than later.
However, one compulsion is that the solution works only if the computers privileged the access after the ransomware attack. The solution has been created by the company named Positive Technologies and on a practical basis for the program to run the average computers is slightly difficult. Once the data decryption code is found, the security group takes the codes and automatic tools to help reverse the encryption process. This has been possible only due to the error in the hackers who had programmed the encryption algorithm “Salsa20.”
Though the recovery of the data through this method may take several hours it is a fool-proof concept. The results of such excellence were not expected by the security firm. The accession to the data from the hard drive was made easier by this method. Currently, keeping a track of how many victims have their computer administrations privileged is unknown. In order to recover the data totally, the factors such as the free space, fragmentation, and disk space play an important role. For the whole recovery of data, there is a need of standard files such as Operating Systems (OS), various important applications, and some known values.
If this new solution wasn’t available then the only way out was to obtain the private key from the culprits behind the ransomware by paying them and getting the data encrypted. The email address provided by the criminals was not accessible for certain victims. According to the researchers, the solution works on the Petya ransomware or its variants infected computers. The Salsa20 is an algorithm that is activated once the malware has access to the admin. The algorithm then infects the Master File Table of the device such that the data are lost forever.
What’s the catch is that the research team has been able to find out that a certain part of the Master File Table is not infected, and through this, the data can be recovered. The boot disk consisting of the operating system can also be recovered. Looking at how the Petya culprits have accessed the ransom payment and demanded for more payments, the security officials have to investigate the matter with great concern.
