Defeating the first version
•Mistakes in implementation of Salsa20 (publications: TG Soft,
Checkpoint)
•Tool for cracking the key, author: @leo_and_stone
•A clone of Leo’s tool, working as Live CD (authors: me, AlexWMF,
m0rb)
•Cracking takes from few seconds to few minutes
„ Petya uses only 8 on 16
Byte entered for the initial
key, this will permit to
obtain a way more easy
the key used to cipher the
MFT.”
source:
http://www.tgsoft.it/engli
sh/news_archivio_eng.asp
?id=718
@VirITeXplorer (TG Soft)
https://blog.malwarebytes.com/threat-analysis/2016/04/petya-ransomware/