Skip to main content
  1. Home
  2. Computing
  3. News

Has Petya ransomware locked you out of your PC? A new tool can let you back in

By

NotPetya ransomware
Experts share how to recapture your data without paying ransomware Trend Micro
If you unwittingly fell victim to the Petya ransonware, there’s a way to get your data back without paying hundreds of dollars. The solution may not be effective in defeating future Petya code if the code is changed in the future, but it works with the current version, according to BleepingComputer.com.

When your computer is hijacked by Petya, the entire drive isn’t encrypted. The actual area that’s encrypted and effectively renders your system useless until unlocked is a specific segment on the drive. The boot sectors hold information needed to fully operate and access all the data on your computer, and that’s what the malware locks down. When you enter the decryption code the Petya developers want you to purchase, the boot sector information is un-encrypted and everything is put back to normal.

Recommended Videos

But you don’t have to pay the ransom. If you’re comfortable removing your hard drive, attaching it to another Windows computer, and downloading and running free utilities created by two Twitter users, you can do it all yourself.

Related

First, remove your encrypted hard drive and attach it as a non-boot drive to a second computer.

The data you need to find the Petya boot information is a 512-byte string starting at sector 55 (0x37h) with an offset of 0 and the 8 byte nonce from sector 54 (0x36) offset: 33 (0x21). Of course, finding that yourself won’t be easy. You’ll want a utility created by Fabian Wosar, whose Twitter handle is @fwosar. Download his Petya Sector Extractor utility, save the zip file to your desktop, extract the file, and the run PetyaExtractor.exe. This program searches the required sectors of your drive to find the proper string of data.

The next step is to go to either of two websites created by Twitter user @leostone. With your browser go here or here. When you open either of @leostone’s sites you’ll see a screen with two boxes for information generated by Fabian Wosar’s extractor utility. Use cut and paste to enter the data in the boxes on either of the websites. Click the Submit button and your decryption key will be generated. Write it down.

The last step involves re-attaching your original hard drive to the infected computer, and re-starting. When you see the Petya screen, enter the key you wrote down. It should be accepted, and your computer should immediately start decrypting. It soon will be as it was before you were infected.

Detailed instructions for the above process are available at BleepingComputer.com. If you find these steps daunting, your best bet will be to call local computer support firms, and find one familiar with this process.

This method of defeating Petya works for now. If the code is changed to subvert this rescue procedure, hopefully people like @leostone and Fabian Wosar can help again.

Editors’ Recommendations

Topics
Bruce Brown
Bruce Brown
Contributing Editor
Bruce Brown Contributing Editor   As a Contributing Editor to the Auto teams at Digital Trends and TheManual.com, Bruce…
Zoom’s new AI tools will let you ditch meetings for good
A person conducting a Zoom call on a laptop while sat at a desk.

Zoom has introduced its own AI-inundated offerings, which are intended to help you keep up to date with business information within the videoconferencing app.

The first feature of the new service, called Zoom IQ will assist you with summarizing Zoom meeting conversations that took place in your absence. You can access these summaries through the Zoom Team Chat or email without having to initiate any kind of recording. Hosts of the meeting also receive an overall summary for sharing with the group, or for record keeping.

Read more
MiniGPT-4: A free image-to-text AI tool you can try out today
what is minigpt 4 screenshot 2023 04 26 at 06 55 pm

ChatGPT is great, but right now, it's limited to just text -- text in, text out. GPT-4 was supposed to expand on this by adding image processing to allow it to generate text based on images.

MiniGPT-4: Enhancing Vision-Language Understanding with Advanced Large Language Models

Read more
AMD Ryzen Master has a bug that can let someone take full control of your PC
A hand holding AMD's Ryzen 9 7950X3D processor.

AMD has just revealed that it spotted a new vulnerability in its Ryzen Master software. The bug sounds pretty dangerous -- it could potentially allow an attacker to take full control of your PC.

Here's everything we know about the vulnerability and the steps you need to take to secure your computer.

Read more