An anonymous security researcher has published code that can unlock the encryption used by the Petya ransomware that surfaced last month.
The ransomware – first spotted hitting German computer users – reboots the infected Windows PC, pretends to run a CHKDSK program while encrypting the hard drive's file system tables, overwrites the master boot record, and reboots. After the machine restarts, the malware's code is booted rather than the operating system, and it demands 0.9 Bitcoin ($381) in exchange for a key code to recover the system's files.
But, according to a researcher going by the Twitter handle leo_and_stone, the malware writers made a mistake. He explained that an infection of his father-in-law's PC got him examining the code and finding weaknesses in the software nasty's design.
"Well, I always like a challenge ... the hard task of analyzing and reimplementing the modified salsa algorithm is done," he said. "So, here it is for everyone to play and experiment with. Btw, paying ransom isn't that much of a challenge."
For one thing, the malware uses Salsa10, as opposed to the more secure Salsa20 algorithm, to decrypt a 512-byte verification sector stored in sector 55 on the drive. The typed-in key is combined with a nonce also stored on the drive to decrypt the verification sector using Salsa10. If the sector converts to a good value, the malware proceeds with the decryption of the master file table and restores the master boot record.
With this in mind, the researcher managed to jury-rig together a genetic algorithm that would study the verification sector and deduce the unlock key within about 30 seconds. He has now put up a website that allows victims to crack the key and unlock their computers.
To so, though, you will need to copy two sets of data from the raw disk: the 512-byte verification sector and the eight-byte nonce.
"I know the code is a mess, but I was kinda in a hurry ... i also had to hack into the genetic lib 'cause its not compatible with go1.6, concurrent map read/writes panics," the researcher noted.
The code appears to work, according to early reports, although it does require a fair amount of technical knowledge to use. This isn't the first time bad coding has defeated ransomware builders, but people can't rely on that to defeat the criminals.
"In all likelihood, the author(s) of Petya have already heard about Leostone's tool and are modifying their code to disallow the solution as we speak," said security blogger David Bisson.
"Such is the tradeoff in information security. As soon as the security industry announces something good, malicious actors begin working on ways to manipulate it or render it useless."
Ransomware is increasingly becoming popular among thieves online, since it provides a very direct source of funds without needing to employ money mules or overseas bank accounts. Instead, the operators of the code can get hundreds of thousands of dollars in ransoms and use that cash to invest in more potent code.
Initially ransomware spread by socially engineering recipients to download the malware, but we've already seen the first examples of the malware spreading via network shares and, in an advisory on Monday, Cisco's Talos security team warned that IT administrators and coders would have to respond.
"For too long, critical security controls and best practice for enterprise network security has been publicly praised and privately ignored," the team said.
"Drop-in appliances and security solutions can only do so much to protect the network, and will do little to stop this threat if networks continue to be architected and expanded without defense in depth in mind. If enterprises don't start making strides towards defensible architecture today, massive ransoms may end up getting paid tomorrow." ®