Tuts 4 You
Extreme Coders

Reversing the petya ransomware with constraint solvers


Extreme Coders

Ransomware is very common these days. Once it installs on a user machine it begins encrypting files.
When the user comes to know about the ransomware attack it is already too late. Unless the user has a backup, he/she must pay the ransom to recover the files.
Luckily there have been cases where, due to a faulty implementation of cryptography, breaking such malware becomes feasible.
The recently discovered Petya ransomware is an example.

This blog post is a short walkthrough on breaking the Petya ransomware with a constraint solver. Hope you like it & find it useful.



Hehe, just last week I said to myself - "how is it possible that Extreme Coders doesn't have a blog? He surely has lots of interesting things to write about!":) 

Keep on writing, I'll keep on reading!

Extreme Coders

Thanks man.
Your works are a source of inspiration for many.

5 hours ago, kao said:

Hehe, just last week I said to myself - "how is it possible that Extreme Coders doesn't have a blog?

Hmm, that looks like telepathy. Blogging was not a priority for me, but decided to give it a go & it's not bad either.


These are some links stored @ 13 April 2016

Get your petya encrypted disk back, WITHOUT paying ransom!!! - generator @:

howto use generator -

generator author - visit his dad -

Debugging Petya bootloader with IDA

0day - Ransomware

CryptXXX Ransomware Will Now Steal Your Passwords as Well

New Cerber Ransomware Variants Morph Every 15 Seconds

Edited by whoknows


New version of "Petya.C"

"Major firms, airports and government departments in Ukraine have been struck by a massive cyber attack which began to spread across Europe on Tuesday afternoon.

In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network have all been paralysed by the hack."

The new version uses the following vulnerabilities:

  • MS17-010 (used by WannaCry);
  • CVE-2017-0199 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199)
  • CVE-2017-0144, EternalBlue (https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144)

More people have already paid to the purse (Bitcoin):



