A security firm says it has managed to decrypt files damaged by the recent Petya ransomware attack,
on one infected computer.
The company says in a blog that the creators of the ransomware made mistakes in programming the encryption algorithm Salsa 20 that was used with administration rights.
However Positive Technologies said the concept is currently too technical for most average computer users to run.
“Once you have a proof of concept of how data can be decrypted, the information security community can take this knowledge and develop automatic tools, or simplify the methodology of getting the encryption reversed,” said the firm’s Dan Tara.
Earlier this week the perpetrators of the attack appeared to have accessed the ransom payments they raised and made fresh demands. The email address that was provided was initially shut down meaning that they were not contactable by victims who chose to try to pay.
The research team’s finding only works on the recent Petya ransomware and its variants.
“It doesn’t look like a working solution yet but it gives cause for hope,” said security expert Prof Alan Woodward, from the University of Surrey.