We cought to buy a key

[orangesystemspro]

Actual information! 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX - this is BTC wallet, where we paid 300$ at the start of petya 2017 spreading.

Here is a key that we received from hackers: 2afc76af-5cc2-11e7-a303-881032d40cc6 - it worked (all files were decrypted)

[aguinet]

Do you have the associated "installation key"?

[aguinet]

Moreover, are you sure the files whose extension is listed here https://github.com/aguinet/petya2017_notes#encryption-process-1-pre-reboot do not have their first megabyte encrypted? Do you know which sample hit you?

[orangesystemspro]

i know that in 2016 was petya (https://xakep.ru/wp-content/uploads/2017/06/129680/Petya-RansomNote.png)

but i was hit by new petya (https://blog.cyren.com/tl_files/blog/images/breaking%20down%20petya%20blog/breaking-down-petya-2.png)

[orangesystemspro]

i have 29 crypted PCs with simple petya (https://blog.cyren.com/tl_files/blog/images/breaking%20down%20petya%20blog/breaking-down-petya-2.png)

[orangesystemspro]

but i cought to recover only 1PC by buying key

[orangesystemspro]

File we sent to hackers after payment http://savepic.ru/14682284.jpg

[aguinet]

so you had to pay twice right?

[aguinet]

at least you had to send two "ransoms" information? (the one of the bootloader and the one from this readme)

[orangesystemspro]

no, i paid once. I sent bootloader as an example to show that it was petya 2017. That was not my bootloader, only example.

and now i sent actually the file i sent to hackers..

[aguinet]

Okay so you are waiting for them to send you the second "decryption key"? I thought the mail was dead?

[orangesystemspro]

no, i already received a key - 2afc76af-5cc2-11e7-a303-881032d40cc6 and pc was decrypted