
How to save your files from scary new ransomware without paying the ransom

Published Apr 12th, 2016 2:14PM EDT


A new type of PC ransomware hit users a couple of weeks ago and it’s some of the most dangerous malware of its kind. While previous ransomware apps would encrypt just specific personal data on a computer, Petya can encrypt a victim’s entire startup drive. That means you would not even be able to boot up your computer without the encryption password and in order to obtain it, you would have to pay the ransom.

However, it looks like there’s a critical error in Petya that lets anyone decrypt his or her hard drive for free, thanks to the work of a person who found the security hole in this malware tool. It goes to show that even hackers who create malware apps aren’t always able to secure their own code.


As explained by Ars Technica, the process requires a bit of work.

First of all, you need a second computer, one that’s not infected with Petya. Then, you need to remove the startup drive from the infected machine and connect it using an external enclosure. Then the victim needs to extract data from the hard drive: “specifically (1) the base-64-encoded 512 bytes starting at sector 55 (0x37h) with an offset of 0 and (2) the 64-bit-encoded 8-byte nonce from sector 54 (0x36) offset 33 (0x21).” That sounds annoying, but a separate security expert created a Petya Sector Extractor tool that does the work for you automatically.

Once that’s done, simply input the data into a web app created by the person who found the flaw, @leostone, and you should obtain the password you need to decrypt the device. If this sounds too complicated, a step by step tutorial from Bleeping Computer will come in handy.
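For readers who want to see what the extraction step involves, the following Python script reads the two fields quoted above from a raw image of the affected drive. It is an added example, not the Petya Sector Extractor tool or code from Ars Technica or @leostone. It assumes 512-byte sectors and that both fields are base64-encoded; the function names and the sample image are constructed for illustration.

```python
import base64
import os
import tempfile

SECTOR_SIZE = 512    # assumption: 512-byte logical sectors
DATA_SECTOR = 55     # 0x37: the full 512-byte sector is needed
NONCE_SECTOR = 54    # 0x36: holds the nonce
NONCE_OFFSET = 33    # 0x21: byte offset of the nonce inside sector 54
NONCE_LEN = 8


def read_exact(f, offset, length):
    """Read exactly `length` bytes at `offset`, or fail loudly."""
    f.seek(offset)
    data = f.read(length)
    if len(data) != length:
        raise ValueError(f"image too short: wanted {length} bytes at offset {offset}")
    return data


def extract_petya_fields(path):
    """Return (sector 55, nonce) as base64 strings. The source is opened read-only."""
    with open(path, "rb") as f:
        sector = read_exact(f, DATA_SECTOR * SECTOR_SIZE, SECTOR_SIZE)
        nonce = read_exact(f, NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET, NONCE_LEN)
    return (base64.b64encode(sector).decode("ascii"),
            base64.b64encode(nonce).decode("ascii"))


def build_sample_image():
    """Constructed 64-sector test image with marker bytes at the two locations."""
    img = bytearray(64 * SECTOR_SIZE)
    start = DATA_SECTOR * SECTOR_SIZE
    img[start:start + SECTOR_SIZE] = bytes([0x37]) * SECTOR_SIZE
    pos = NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET
    img[pos:pos + NONCE_LEN] = b"NONCE123"
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(img)
    return path


if __name__ == "__main__":
    sample = build_sample_image()
    try:
        sector_b64, nonce_b64 = extract_petya_fields(sample)
        print("sector 55:", sector_b64)
        print("nonce:    ", nonce_b64)
    finally:
        os.remove(sample)
```

Running it against an image copy rather than the attached drive keeps the original disk untouched while the fields are collected.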

In addition to fixing your hard drive, you should also make sure you avoid falling for ransomware tricks in the future, as next time you might not be so lucky. Review your recent internet activity so you can figure out how your PC was infected with Petya, and you can read more about this ransomware app at this link.

Chris Smith Senior Writer
