In this presentation we will outline our findings about (Not)Petya's crypto flaws and how we were able to exploit them to decrypt infected computers.
At the end of June 2017, a malware outbreak plagued Ukraine and other parts of the world. The threat, quickly dubbed NotPetya after striking similarity to Petya had been discovered, encrypted infected systems at boot-level. A deeper analysis of NotPetya's cryptography revealed several rookie mistakes that enabled us to recover the encrypted hard drives. This talk gives some insights into NotPetya's flawed cryptography and how we were able to exploit them to eventually decrypt the infected hard drives.
Speakers: Sebastian Eschweiler