
Ransomware - Little Victories Are Welcome

Ransomware is not fun, nor is it meant to be. It's meant to cause such disruption and hardship that you can be persuaded to part with your hard-earned money to get your data back. 

There are a few pieces of good news; one is that awareness is growing, and this will hopefully encourage folk to be at least a bit more prudent in their daily computer use.


Then there was the release of a new ransomware "vaccine" from Bitdefender, effective against a handful of the current strains of ransomware (at least in the short term).

More recently, there is a tool that actually allows you to decrypt (restore) a system infected with Petya, a nasty ransomware variation that encrypts components of the boot sector, rendering the boot volume useless. 

It's not a trivial fix, and is probably beyond most "Mom and Pop" PC users, but it's something their computer-savvy son or daughter could use to help them out.

To use [the software creator's] decryption tool you will need to attach the Petya affected drive to another computer and extract specific data from it.  The data that needs to be extracted is 512-bytes starting at sector 55 (0x37h) with an offset of 0 and the 8 byte nonce from sector 54 (0x36) offset: 33 (0x21).  This data then needs to be converted to Base64 encoding and used on the https://petya-pay-no-ransom.herokuapp.com/ site to generate the key.
More details at BleepingComputer. And again, this is likely something the Petya makers will work to circumvent in the future.
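
The extraction step from the quoted instructions, as an added example that is not part of the original post or of the decryption tool: it reads the two fields from a raw image of the affected drive and Base64-encodes them. The 512-byte sector size, the function names and the sample image contents are assumptions made for this sketch.

```python
import base64
import sys

SECTOR_SIZE = 512                   # assumed sector size for the offsets in the post
NONCE_SECTOR, DATA_SECTOR = 54, 55  # 0x36 and 0x37
NONCE_OFFSET, NONCE_LEN = 33, 8     # nonce sits at offset 0x21 in sector 54


def extract_petya_fields(image_path):
    """Return (data_b64, nonce_b64) from a raw image of the affected drive."""
    # Open read-only and fetch sectors 54-55 in one sector-aligned request;
    # raw device nodes can reject reads that start mid-sector.
    with open(image_path, "rb") as disk:
        disk.seek(NONCE_SECTOR * SECTOR_SIZE)
        buf = disk.read(2 * SECTOR_SIZE)
    if len(buf) != 2 * SECTOR_SIZE:
        raise ValueError("image too short: sectors 54 and 55 are not both present")
    nonce = buf[NONCE_OFFSET:NONCE_OFFSET + NONCE_LEN]
    data = buf[SECTOR_SIZE:]        # sector 55, offset 0, 512 bytes
    return (base64.b64encode(data).decode("ascii"),
            base64.b64encode(nonce).decode("ascii"))


def build_sample_image(path):
    """Write a constructed 64-sector image holding marker bytes, not real Petya data."""
    image = bytearray(64 * SECTOR_SIZE)
    start = DATA_SECTOR * SECTOR_SIZE
    image[start:start + SECTOR_SIZE] = b"\x37" * SECTOR_SIZE
    start = NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET
    image[start:start + NONCE_LEN] = b"NONCE123"
    with open(path, "wb") as f:
        f.write(image)


if __name__ == "__main__":
    # Usage: python extract_fields.py <raw image of the affected drive>
    data_b64, nonce_b64 = extract_petya_fields(sys.argv[1])
    print("Sector 55 data (Base64):", data_b64)
    print("Nonce (Base64):", nonce_b64)
```

Working from an image copy rather than the attached drive itself keeps the original sectors untouched in case the extraction has to be repeated.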
