Original Petya Ransomware Developer Released Master Decryption Key After a Year

The developer of the original Petya ransomware, known as “Janus Cybercrime Solutions”, has released the master decryption key for all Petya versions. According to the developer, NotPetya is not their creation, so this decryption key will not work with it.

So far, three variants of Petya ransomware have been released. The first version flashed a white skull on a black background on the computer screen as soon as the system booted. It was followed by the second Petya version, which flashed a green skull on the same black background at system boot-up. This version was also referred to as Mischa ransomware. The third version, named GoldenEye ransomware, flashed a yellow skull on a black background during PC boot-up.

“Janus Solution” released the master key through Twitter, in a tweet that linked to Mega.nz, where the master key files were uploaded. Thanks go to “Hasherezade”, a security researcher from the Malwarebytes security team, who cracked the file and released it publicly.


“Here is our secp192k1 privkey:


We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the “Personal Code” which is BASE58 encoded.”

Anton Ivanov from Kaspersky Lab Security confirmed the validity of this decryption key through his Twitter account. The released key is a server-side private key, which works much faster than the decryption key released by cyber-experts for decrypting the first two versions of Petya ransomware. Petya is quite an old ransomware, and most of its victims have already wiped their PCs or paid the ransom, but the key will still be helpful for users who saved a copy of their encrypted files by cloning the drives.

Master Decryption Key Is Not Valid for NotPetya Ransomware

Unfortunately, this publicly released decryption key will not work for NotPetya, because NotPetya behaves completely differently and uses a different encryption routine. Janus may have released this master decryption key one year after the Petya ransomware release in order to prove that he is not behind the latest NotPetya storm.