�� Petya Ransomware ��

Sat, 30 Mar 2019 14:36:28 +0300

�� Petya Ransomware ��  � �� .
�� , �� , �� . � �� .

�� - �� Petya Ransomware,

====quote====
DrWeb: Trojan.Ransom.369
ESET-NOD32: Win32/Diskcoder.Petya.A
Malwarebytes: Ransom.Petya
Kaspersky: Trojan-Ransom.Win32.Petr.a

=============
https://www.virustotal.com/gui/file/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739/detection

�� VM, �� Petya Ransomware (�� Red) �� . � �� �� , � �� , �� JanusSecretary (�� ) �� -��.

�� .

�� , �� hack-petya �� leo-stone, �� Petya Red:
https://github.com/leo-stone/hack-petya/releases/tag/v2.0.1

�� , �� antipetya_ultimate �� hasherezade, �� Red
https://github.com/hasherezade/petya_key/releases/download/0.2/antipetya_ultimate.iso

� ��, �� petya_key �� hasherezade �� (� �� ====code====

e7QqD1pTUSGnkqKaHce5qfTZnkNG9CdTuqkGHNyYeCQad4RBmHspgMv7Wi8w517oCMBKH66rqSTE4nfRvKCSopCteN)

============= ), �� , � �� 64 �� .

�� 64�� Winpe + �� DMDE

====quote====
DMDE �� NTFS/NTFS5, FAT12/16, FAT32, exFAT, Ext2/3/4, HFS+/HFSX, ReFS (Beta) � �� Windows 98/..XP/..7/..10, Linux, macOS, DOS (�� ).

=============
�� hack-petya �� PETYAEXTRACTOR.EXE:
---------
�� , � �� , �� .

�� : �� antipetya_ultimate � ��, �� , � �� MFT.

�� : �� : �� , �� , �� plain text, �� , ��  ANSI Win 1251(�� online �� , ��, � UTF-8),
��, �� ID.txt � �� petya_key:

====code====

petya_key.exe ID.txt >>key.txt

=============

====quote====
Choose one of the supported variants:
r - Red Petya
g - Green Petya or Mischa
d - Goldeneye
[*] My petya is: Victim file: id.txt
[*] [+] Victim ID: e7QqD1pTUSGnkqKaHce5qfTZnkNG9CdTuqkGHNyYeCQad4RBmHspgMv7Wi8w517oCMBKH66rqSTE4nfRvKCSopCteN
---
[+] Your key : GES27jh1Evud5HCs
=============

��, �� , �� 100% ��. �� . � ��, �� .

��, �� Winpe, �� 0 �� 63 �� , �� *.bin � �� (�� hex-��: Winhex �� xwforensics) �� .

��, �� .

��, �� leo-stone, �� (� �� ), �� hasherezade.
====code====

GxSx7xhxExux5xCx: hack-petya �� leo-stone
GES27jh1Evud5HCs: petya_key �� hasherezade

=============
�� , �� -�� , �� leo-stone �� :
petya-pay-no-ransom.herokuapp.com � petya-pay-no-ransom-mirror1.herokuapp.com
�� , �� hack-petya. � �� . PetyaExtractor (F.Wosar) �� src.txt � nonce.txt � base64 �� (�� -�� ), � �� base64.

====code====

hack-petya.exe >>key.txt

=============
��:

��
G00000000 cb f0 82 97 9a 61 e2 1b 44 a2 db c8 92 96 04 82 \|.....a..D.......\| 00000010 00 06 80 0e 63 5a 7e 16 5e d6 5e cd 7a ce e8 ca \|....cZ~.^.^.z...\| 00000020 ca f0 02 97 9a 27 e2 db c4 a4 db c8 92 56 04 82 \|.....'.......V..\| 00000030 02 1c 80 4e 62 5a 7e 15 de 16 5e cb 7a cc eb ca \|...NbZ~...^.z...\| 00000040 ca f0 02 97 9a 63 e2 5b c4 a1 db c8 92 d6 04 82 \|.....c.[........\| 00000050 04 3e 80 ce 65 5a fe 14 5e 96 5e cd 7a cd e8 ca \|.>..eZ..^.^.z...\| 00000060 c9 f0 82 98 9a 2d e2 5b 44 a2 db c8 92 96 04 82 \|.....-.[D.......\| 00000070 06 04 80 ce 64 5a fe 14 de 16 5e cb 7a cc eb ca \|....dZ....^.z...\| 00000080 c9 f0 02 9e 9a 3f e2 9b c4 a2 db c8 92 56 04 82 \|.....?.......V..\| 00000090 08 26 80 ce 62 5a fe 15 de 56 5e cb 7a cb eb ca \|.&..bZ...V^.z...\| 000000a0 cc f0 02 98 9a 61 e2 1b c4 a4 db c8 92 96 04 82 \|.....a..........\| 000000b0 0a 22 80 8e 64 5a fe 14 de 56 5e cb fa cc eb ca \|."..dZ...V^.....\| 000000c0 cb f0 02 97 9a 61 e2 db c4 a2 db c8 92 d6 04 82 \|.....a..........\| 000000d0 0c 1e 80 8e 62 5a fe 15 de 56 5e cb fa cd eb ca \|....bZ...V^.....\| 000000e0 cc f0 02 9d 9a 43 e2 1b c4 a1 db c8 92 96 04 82 \|.....C..........\| 000000f0 0e 38 80 ce 63 5a 7e 15 de 96 5e cb 7a cb eb ca \|.8..cZ~...^.z...\| [61643 38786 24986 7138 41540 51419 38546 33284 1536 3712 23139 5758 54878 52574 52858 51944] Your key is: GxSx7xhxExux5xCx

��

-------------

-------------
(�), chklst.ru
30.03.2019 14:36:28, santy.

����� esetnod32.ru [����: �� ���������� ��� Petya Ransomware �� ����]

�� ���������� ��� Petya Ransomware �� ����

�� esetnod32.ru [��: �� Petya Ransomware �� ]

�� Petya Ransomware ��