The creator of the original Petya ransomware has released the master decryption key for the malware. Not to be confused with last months Petya wiper outbreak, now dubbed by the media outlets as ExPet/NotPetya/EternalPetya, which ravaged across Europe. The decryption key only works for the original variants of the Petya ransomware family. The key will allow affected users to decrypt their files successfully.
The master key was released on Wednesday by the author of the original Petya virus who goes by the pseudonym Janus. The key can decrypt all three original versions of the malware including Red Petya, Green Petya, and GoldenEye. The key has been confirmed by Kaspersky Labs analyst Anton Ivanov and by Security Analyst Hasherezade. It is unknown why Janus has decided to release the master key. It also seems he is attempting to help people affected by NotPetya, which was created by using the stolen code of GoldenEye.
— Anton Ivanov (@antonivanovm) July 6, 2017
Users and organizations who maintained disk images of computers affected by the original Petya ransomware should be able to decrypt their files. Nonetheless, systems infected by the recent malware outbreak, NotPetya, will not be able to decrypt their systems. This is because NotPetya has several modifications that transformed it into a wiper malware. This means its purpose is not to collect a ransom but to encrypt a file system permanently. Users affected by NotPetya are recommended not to do any ransom payments given that the malware does not have the capabilities to decrypt the system.