Bitcoin-Demanding Ransomware Petya Asks $250,000 For Decryption Keys

in #bitcoin, 7 years ago


Petya, the sophisticated bitcoin-demanding ransomware that launched a successful large-scale global attack earlier in June, has started to take a different approach to extorting bitcoin ransom from victims.

Instead of providing unique decryption keys in exchange for individual $300 bitcoin ransom payments, the hacking group behind Petya revealed it is offering a unified decryption key which can decrypt any files encrypted or infected by the Petya ransomware.

Petya’s announcement on the Tor-based platform DeepPaste, first discovered by Motherboard, read:

“Send me 100 bitcoins and you will get my private key to decrypt any harddisk (except boot disks). See the attached file signed with the key.”

Analysts explained that the file attached by the developers of Petya, which was signed with Petya’s private key, proves that the message is legitimate and comes from the developers behind Petya. More importantly, analysts noted that the attachment signed with Petya’s private key provided strong evidence that whoever made the announcement on DeepPaste has the unified decryption key that can be used to recover any ransomware-infected files.

On June 27, Petya launched its global ransomware attack, encrypting and infecting devices concentrated in Europe. Sources including Business Insider revealed that the Petya ransomware attack affected the Ukrainian government, major oil companies, banks and large-scale conglomerates.

A photograph of a device infected by the Petya ransomware showed that Petya was demanding a single payment of $300 from victims who wanted to receive decryption keys and recover their files.

“If you see this text, then your files are no longer accessible, because they have been encrypted. We guarantee that you can recover all your files safely and easily, all you need to do is submit the payment and purchase the decryption key. Send $300 worth of bitcoin to the following address,” read the message from Petya.

However, victims who paid the $300 to recover their files weren’t provided with the decryption key, because the email service provider of the Petya developers had already suspended and terminated the email addresses associated with the Petya ransomware.

Email service provider Posteo announced:
“Our legal team checked this immediately - and the mailbox was immediately blocked. We do not tolerate any misuse of our platform: The immediate termination of abused mailboxes is a usual procedure of providers in such cases. At the time of the blocking, there was no reporting on the ransomware.”

Posteo’s immediate response to the Petya ransomware attack made it virtually impossible for victims to receive their decryption keys because the developers behind Petya could no longer confirm who sent the $300 bitcoin payment. More importantly, Posteo’s termination of Petya’s email addresses led to the discontinuation of the Petya ransomware attack, as the hacking group could not monetize its attacks.

In essence, Petya’s $250,000 offer for a unified decryption key is an ultimatum. The developers behind Petya are willing to end their ransomware attack and terminate their operations in exchange for a single payment of $250,000 made in bitcoin.
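
The check the analysts describe for the signed attachment, written out as an added example (not from the original article or from any Petya analysis): verify the file's signature against the public key recovered from the malware sample. The RSA PKCS#1 v1.5 scheme, the demo key pairs, the attachment bytes and all function names are assumptions made for illustration; the article does not say which signature scheme was used.

```python
import hashlib

# Constructed demo key pairs, NOT real Petya keys. Mersenne primes keep the
# listing short; they are far too structured for any real-world use.
E = 65537

def make_key(p, q):
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

AUTHOR_N, AUTHOR_D = make_key(2**521 - 1, 2**607 - 1)       # pair whose public half is "in the sample"
IMPOSTOR_N, IMPOSTOR_D = make_key(2**127 - 1, 2**1279 - 1)  # unrelated key pair

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(message, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), sized to modulus n."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(message, n, d):
    """What the key holder does before posting the file (needs the private exponent)."""
    return pow(_encode(message, n), d, n)

def verify(message, signature, n):
    """What an analyst does, using only the public key taken from the sample."""
    return 0 <= signature < n and pow(signature, E, n) == _encode(message, n)

# Constructed stand-in for the file attached to the announcement.
ATTACHMENT = b"constructed stand-in for the attached file"
SIGNATURE = sign(ATTACHMENT, AUTHOR_N, AUTHOR_D)

if __name__ == "__main__":
    print("genuine poster :", verify(ATTACHMENT, SIGNATURE, AUTHOR_N))
    print("altered file   :", verify(ATTACHMENT + b"!", SIGNATURE, AUTHOR_N))
    forged = sign(ATTACHMENT, IMPOSTOR_N, IMPOSTOR_D)
    print("impostor's key :", verify(ATTACHMENT, forged, AUTHOR_N))
```

A passing check shows only that the poster controls the private half of the key found in the sample; whether that key actually decrypts victims' data has to be tested separately.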


Source: https://bitconnect.co/bitcoin-news/638/bitcoin-demanding-ransomware-petya-asks-250000usd-for-decryption-keys

Not indicating that the content you copy/paste is not your original work could be seen as plagiarism.

Some tips to share content and add value:

  • Using a few sentences from your source in “quotes.” Use HTML tags or Markdown.
  • Linking to your source
  • Include your own original thoughts and ideas on what you have shared.

Repeated plagiarized posts are considered spam. Spam is discouraged by the community, and may result in action from the cheetah bot.

Creative Commons: If you are posting content under a Creative Commons license, please attribute and link according to the specific license. If you are posting content under CC0 or Public Domain please consider noting that at the end of your post.

If you are actually the original author, please do reply to let us know!

Thank You!