How to unencrypt your drive after a Petya malware infection

How to unencrypt your drive after a Petya malware infection

The Petya malware changed the ransomware scene in that, instead of encrypting all your files, it just encrypts the boot records and file tables of you hard drive making it super fast. Now, one man had enough and has managed to crack the encryption used by Petya.

Leo Stone has created a solution after having to deal with the infection on his fathers computer. There’s a bit of work involved, and it’s probably not for the faint hearted but, at least, there is a solution out there…for now. Leos solution uses defects in the original Petya implementation to decrypt the data, but these defects are most likely going to be patched pretty quickly.

You can get the scripts and instructions over at GitHub and there is a web based copy and paste solution as well. You’ll need to take the encrypted drive out of the computer and attach it to a working machine before examining the disk using a disk editor to get certain chunk of information.

Here’s what Leo has to say from the readme file on his GitHub page.

My easter visit to my father in law got me into this mess, excuse me. First news after the hello was:

“Someone was applying for a job, and i really, really needed to read his CV, so I entered the ADMIN-PASSWORD and now there is only this red skull …”

oh no, oh nooo

Well, I always like a challenge …, the hard task of analyzing and reimplementing the modified salsa algorithm is done.
So, here it is for everyone to play and experiment with. Btw. paying ransom isn’t that much of a challenge.

The code reimplements the hashing used to verify the entered key.

Some key points:

  • its salsa, yes, but it operates on 16-bit words, not 32-bit
  • its not salsa20, but salsa10, e.g. it shuffles the matrix only for ten rounds

Data Locations:

  • Nonce 8-bytes:
    • sector 54 [0x36] offset: 33 [0x21]
  • Encrypted Verification Sector 512-bytes:
    • sector 55 [0x37] offset: 0 [0x0]

The code reads a file “src.txt” which is the 512-bytes from sector 55, pulls the interesting words, xor’s them with 0x37 to give us the target output of the salsa hashing function.

It also reads “nonce.txt” which is the 8-byte nonce that was used in the attack.

Last, but not least, it fires up a genetic solver which gets us the key in a few seconds.

I recovered my key in say 10..30 seconds :), i just say Genetic Algorithms

PS: I know the code is a mess, but I was kinda in a hurry …, i also had to hack into the genetic lib ’cause its not compatible with go1.6, concurrent map read/writes panics.


Get the nonce and the verification sector of the encrypted disk via dd or some hexeditor, save them as nonce.txt and src.txt in the directory where the program is, start the program, wait some seconds, have the key.

Best use the key on an image of the victim disk, inside a vm … just to be on the safe side.

Leo Stone,


Oliver Marshall
Oliver works as Head of Sales at a leading provider of IT services to the education sector. Out of hours he's a runner with a limp, has a board game addiction and a owns a dog that looks like a badger.
Show Buttons
Hide Buttons