The hackers responsible for last week’s globe-spanning ransomware attack have made a public statement for the first time since the attack.
The group responsible for #NotPetya has allegedly surfaced on the deep web with a statement offering the decryption key for all files encrypted by the ransomware they unleashed from Ukraine last week.
The post was first picked up by Motherboard after the group used the Bitcoin wallet associated with the ransomware to make a small donation to the Tor-only announcement service DeepPaste, which is where the message appeared.
The message makes a request for 100 bitcoins, which is over $250,000 in today’s market.
According to The Verge, “the message includes a file signed with Petya’s private key, which is strong evidence that the message came from the group responsible for Petya. More specifically, it proves that whoever left the message has the necessary private key to decrypt individual files infected by the virus.”
There was also a link to a chatroom included in the messages. During an interview conducted in the chatroom, someone claiming to be one of the malware authors told Motherboard that the price was so high because it’s for the key “to decrypt all computers.”
Motherboard offered the unknown group an individual file that had been encrypted by the malware and asked them to send it back decrypted as proof that they had the decryption key. The unknown individuals in the chatroom were unable or unwilling to decrypt the file.
Some are still convinced that this attack has nothing to do with money or ransomware.
“This is a fear, uncertainty and doubt case,” claimed Matt Suiche, the founder of Comae Technologies, in an online chat with Motherboard. “This is a clear attempt from the attackers to try to further confuse the audience by changing the wiper narrative into a ransomware one again.”
“DoubleFlag”, a popular darknet vendor, is selling user data from 11 different bitcoin forums, obtained between 2011 and 2017. HackRead obtained a screenshot of the information for sale on the darknet, priced at the equivalent of $400 in bitcoin.
We know that many of our members also use some of these forums, and we are urging everyone to update their passwords and account information immediately.
The database information for sale contains the following:
- Email Address
- Date of Birth
- Cellphone Number
- Website URL
After a hack this big, anyone related to the industry in which it happened should take reasonable safety measures to ensure their information is not at risk. Update your passwords and use a password manager, delete old accounts with personal information if you are no longer using them, and follow our 10 steps for better internet safety!