#NotPetya Hackers Demand $250,000 for Ransomware Decryption Key

The hackers responsible for last week’s globe-spanning ransomware attack have made a public statement for the first time since the attack.

The group responsible for #NotPetya have allegedly surfaced on the deep web with a statement offering the decryption key to all files encrypted by the ransomware they unleashed from Ukraine last week.

The post was first picked up by Motherboard after the group used the Bitcoin wallet associated with the ransomware to make a small donation to the Tor-only announcement service DeepPaste, which is where the message appeared.

The message makes a request for 100 bitcoins, which is over $250,000 in today’s market.

NotPetya hacker demands for 250000 on deeppasteAccording to The Verge, “the message includes a file signed with Petya’s private key, which is strong evidence that the message came from the group responsible for Petya. More specifically, it proves that whoever left the message has the necessary private key to decrypt individual files infected by the virus.”

There was also a link to a chatroom included in the messages. During an interview conducted in the chatroom, someone claiming to be one of the malware authors told Motherboard that the price was so high because it’s for the key “to decrypt all computers.”

Motherboard offered the unknown group an individual file that had been decrypted by the malware and asked them to send it back decrypted as proof that they had the decryption key. The unknown individuals in the chatroom were unable or unwilling to decrypt the file.

Some are still convinced that this attack has nothing to do with money or ransomware.

“This is a fear, uncertainty and doubt case,” claimed the founder of Comae Technologies Matt Suiche in an online chat with Motherboard. “This is a clear attempt from the attackers to try to further confuse the audience by changing the wiper narrative into a ransomware one again.”

cyber security internet safety privacy software malware network access apps secure logs

 

 



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s