Internet users who have fallen victims to the aggressive Petya ransomware attacks over the past year are in luck. There is now a free tool that will allow them to decrypt their files if they hang onto them since then.
Petya is a ransomware program that first appeared in March 2016. It surprised security researchers at the time because unlike other file-encrypting ransomware programs that targeted specific file types such as pictures and documents, Petya damaged entire hard disk drives, leaving computers unable to boot.
Over the past year, Petya’s author, who uses the online alias Janus, created three separate versions of the malware program. These are known in the security industry as Red Petya, Green Petya and Goldeneye. Two other variants of Petya have also been discovered, but security researchers believe that these variants were created by unknown attackers who didn’t have direct access to Petya’s source code and instead modified its compiled executable code directly using reverse engineering tools with the goal of inserting their own encryption keys.
One of these two “pirated” versions is the destructive NotPetya malware program that hit many companies and organizations in Ukraine and around the world in June. The other version is known as PetrWrap and was used in targeted attacks against companies in March.