Information has appeared on how to cure a computer infected with the Petya virus

In particular, a user who is registered on Twitter under the nickname Leostone was able to crack the encryption of the malicious virus. He created a genetic algorithm that can generate the password needed to decrypt the Petya computer encrypted by the virus.

A genetic algorithm is a search algorithm used to solve optimization and modeling problems by randomly selecting, combining, and varying desired parameters using mechanisms similar to natural selection in nature.

Leostone posted its results on the website, where all the necessary information for generating decryption codes is located. Thus, the victim of the attack can use the specified site to generate a decryption key.

So, to use the Leostone decryption tool, you will have to remove the hard drive from your computer and connect it to another PC running Windows OS. The data to be retrieved is 512 bytes, starting at sector 55 (0x37h). This data must then be converted to Base64 encoding and used on the website https://petya-pay-no-ransom.herokuapp.com/ to generate a key.

For many users, retrieving certain information from affected hard drives is a problem. Fortunately, Emsisoft expert Fabian Vosar came to the rescue and created the Petya Sector Extractor tool to extract the necessary information from the disk.

After the user connects the encrypted disk from the infected computer to another PC, they need to run Fabric Wosar’s Petya Sector Extractor, which will detect areas affected by the encryptor. Once Petya Sector Extractor has completed its work, the user needs to click the first Copy Sector button and go to Leo Stone’s sites (https://petya-pay-no-ransom.herokuapp.com/ or https:// petya-pay-no-ransom-mirror1.herokuapp.com/), pasting the copied data via Ctrl+V into the text input field (Base64 encoded 512 bytes verification data). Then return to Fabian Vosar’s utility, click the second Copy Sector button and again copy the data to Stone’s website, pasting it into another input field (Base64 encoded 8 bytes nonce). After filling out both fields, the user can click Submit and start the algorithm.

After filling out both fields, the user can click Submit and start the algorithm.

The site must provide a password to decrypt the data, after which you need to return the hard drive to the affected computer, start the system and enter the received code in the ransomware window. As a result, the information will be decrypted.