The text provides an in-depth analysis of methods to decrypt systems infected by Petya/NotPetya ransomware, focusing on exploiting crypto flaws such as keystream reuse and short periodicity. It discusses techniques like decrypting the Master File Table (MFT) to gather potential plaintext, which aids in reconstructing the keystream for decrypting files. The approach involves three main strategies for handling uncertain plaintext: using location-aware histograms for structured files, estimating byte probabilities for unstructured files, and leveraging metadata in MFT records for known files. The text also describes the creation of a "ground truth" using data from various Windows installations to support these methods. Results from synthetic tests and real-world cases show a high recovery rate of encrypted files, though the process requires manual interaction, which the authors aim to minimize before releasing a public decryption tool. They encourage those affected by Petya or NotPetya to contact them for assistance and highlight the potential of the CrowdStrike Falcon platform in preventing ransomware attacks.