Researchers at the security firm Positive Technologies have managed to decrypt files that were encrypted by the latest Petya ransomware iteration, dubbed NotPetya. The researchers hope to simplify their overly technical solution so that mainstream users can benefit from their work.
In a blog post, the company wrote:
“It turned out that the creators of NotPetya made an error in their implementation of the Salsa20 algorithm. Due to this error, half of the encryption key bytes were not used in any way. This reduction in key length from 256 to 128 bits, unfortunately, still does not leave any hope of decrypting data in a reasonable time. However, certain peculiarities of how the Salsa20 algorithm was applied allow recovering data, no key necessary.”
On the same day that the attack initially took place, Posteo decided to close access to the hackers' email account, meaning those affected couldn't write to the hackers to confirm payment and request that their files be recovered.
Now that a proof of concept demonstrating how the data can be retrieved has been delivered, the information security community can develop automated tools that any technician could then apply to affected systems to salvage impacted files. Anyone who was putting off reinstalling their operating system on damaged hard drives in the hope of regaining access to their data will now be able to breathe a sigh of relief.