Tuesday’s massive ransomware outbreak was, in fact, something much worse | Ars Technica

Researchers at antivirus provider Kaspersky Lab, in their own blog post published Wednesday, also labeled the previous day’s malware a wiper. They confirmed Suiche’s finding that the damage was irreversible. In an e-mail, they wrote:

“Our analysis indicates there is little hope for victims to recover their data. We have analyzed the high-level code of the encryption routine, and we have figured out that, after disk encryption, the threat actor could not decrypt victims’ disks. To decrypt a victim’s disk, threat actors need the installation ID. In previous versions of ‘similar’ ransomware like Petya/Mischa/GoldenEye, this installation ID contained the information necessary for key recovery. ExPetr does not have that, which means that the threat actor could not extract the necessary information needed for decryption. In short, victims could not recover their data.”

Source: Tuesday’s massive ransomware outbreak was, in fact, something much worse | Ars Technica