Skip to main content

Sorry, but the Petya master decryption key can't help current NotPetya victims

master decryption key
Image used with permission by copyright holder
The developer behind the original Petya ransomware has provided a tool to help minimize the damage inflicted on infected PCs. It is in the form of a master decryption key to release the files held hostage by the ransomware. However, after close examination, it is incapable of unlocking PCs seized by the recent NotPetya “destruction-ware” epidemic.

Originally, the Petya ransomware was not designed to lock down an entire PC for ransom, but just specific files. It must be downloaded by the user and remains on the victim’s PC to encrypt files and demand money for a decryption key. There are two other non-destructive variants of Petya as well including one called GoldenEye.

Recommended Videos

However, NotPetya surfaced weeks ago using the Petya ransomware as a weapon. It is capable of hopping from PC to PC across the network using an exploit called EternalBlue, which Microsoft actually patched prior to the outbreak. That means businesses affected by NotPetya had yet to upgrade their machines, leaving them open to attack.

Once on a PC, NotPetya goes after the master boot record, thus overwriting the program that begins the Windows boot sequence. In turn, the table that keeps track of all files stored on the PC’s hard drive or solid-state disk is encrypted, making Windows unable to locate any file.

Once NotPetya encrypts a machine, it throws up a notice demanding money for the decryption key. In the early days, there was an account for receiving Bitcoin money from victims but that was quickly shut down. NotPetya continued to spread like wildfire with no way of regaining control of the infected machines.

However, on July 5, Janus Cybercrime Solutions jumped on Twitter and provided a link to a password-protected file located on a cloud-storage service. After cracking the password protection, researchers discovered it to be a master decryption key for the three versions of the Petya malware. They also realized that it has absolutely no effect on the current NotPetya epidemic.

Despite the key’s inability to unlock NotPetya-seized PCs, the master decryption key seemingly arrives too late. Petya and its variants mostly reined in 2016 and since then, victims have either paid the ransom or reformatted their PCs and reinstalled the software (which you should do from time to time anyway).

Even more, the master decryption key is not an out-of-the-box tool for anyone to use. Instead, it must be inserted into a stand-alone decrypter application. If anything, this master decryption key will help speed up current methods of recovering files encrypted by the Petya ransomware. This should come in handy for victims who may have replaced their PC’s entire storage unit and still have the drive on hand for future decryption.

Ultimately, this is bad news for NotPetya victims. Right now, the destruction-ware is seemingly locked down to the enterprise and business sectors, but that does not mean it will not jump ship into the mainstream waters. Make sure your version of Windows is up to date and follow our steps right here to prevent infection.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
My quest to fully remove Microsoft Edge is finally complete
Microsoft Defender and Edge Security settings are open on a PC monitor.

I'm on a mission to eradicate Microsoft Edge from my PC.

It's not a slight against Microsoft -- I just don't particularly care for the Edge browser compared to some of the other best browsers out there. But Edge is different because Microsoft has tried -- and mostly failed -- to court its massive Windows user base, with some unsavory tactics, including making it nearly impossible to set a different default browser to massive, screen-overtaking popups when searching for the Chrome installer.

Read more
Nvidia’s RTX 40-series is coming to an end
Three RTX 4080 cards sitting on a pink background.

Out with the old, in with the new. According to Board Channels, Nvidia has now halted production for nearly all of its best graphics cards as it shifts focus to the RTX 50-series. Only one GPU remains in production, and some of the cards that are the most in demand are no longer being produced.

Nvidia hasn't officially announced that it's sunsetting the RTX 40-series, but we've been hearing more and more reports that imply that might be the case. The RTX 4090 was among the first cards to go out of production, and the discontinuation appears to have immediately affected the markets. Nvidia's behemoth flagship was hard to come by at the best of times, and now, as no more new units are being produced, it's safe to assume that this situation won't improve. The cheapest RTX 4090 I could find on Amazon costs nearly $2,000, but you can still snag one for .

Read more
Rest in pieces: Nvidia is finally ditching GeForce Experience for good
The Nvidia app on the Windows desktop.

We've had the Nvidia app for a while, but now, it's available officially. About a year ago, Nvidia launched the Nvidia app into beta as a one-stop-shop for managing some of its best graphics cards, including grabbing new drivers, messing around with different features, and optimizing your game settings. Now, it's out of beta, officially replacing the legacy GeForce Experience and Nvidia Control Panel apps, and with some new features in tow.

One of the biggest draws of the Nvidia app initially was driver downloads. It may seem mundane, but you'd previously need to download GeForce Experience and create an Nvidia account for GPU driver updates. If you didn't, you'd have to search and install your drivers manually. The Nvidia app gives you access to new drivers, and notifies you when they're ready, all without an Nvidia login. Now, signing in is optional for "bundles and rewards" offered by Nvidia.

Read more