Hackers Behind "NotPetya" Demand $256,000 In Bitcoin

in #steemit, 7 years ago

It seems that the hackers responsible for the severe NotPetya virus, which crippled Ukraine last week and infected some of the biggest industrial companies in the world, are now demanding more bitcoins to unlock victims' files. In fact, they now demand a hundred bitcoins, equivalent to the astonishing sum of $256,000.

In a post published on the Pastebin website, an anonymous user wrote: "Send me 100 bitcoins and you will have my decryption key to decrypt any hard disk (except startup disks)."

The hackers have also provided evidence that they are who they claim to be, in the form of a signature for the malware's decryption key. The key has been verified for Forbes by two malware researchers, both of whom confirmed the hackers' claim.

What does that mean? "This means that anyone who posted this message holds the decryption key to decrypt the data encrypted by the NotPetya virus," explains Anton Cherepanov, a malware researcher at the Slovak technology company ESET. Anton Cherepanov was the first to verify the validity of the key. "With this key you can only decrypt files, not boot disks. In the case of boot disks a different encryption method is used." After infecting a PC, NotPetya first encrypts some files and then, after restarting the PC, moves on to encrypting the boot disk (the part of the computer that manages the launch of the operating system and all the data that it controls).

In other words, the hackers who made the demand for bitcoins are surely responsible for the NotPetya attack, but they can only recover some files, not entire hard drives. A researcher known as MalwareTech, who also verified the legitimacy of the key, was puzzled as to why the hackers did not provide a demo video showing a file being unlocked with the key, which would have proved from the outset that they were the true authors of NotPetya. On a darknet forum linked from the Pastebin post, the administrator Petya did not answer questions about such a demonstration video.

Bitcoins on the move

Moreover, the hackers seem to have moved bitcoins from one place to another. On Tuesday evening, the wallet used to collect funds from the unfortunate victims, who were asked to pay $300 in Bitcoin, was almost entirely emptied. Two small transfers of 0.1 bitcoin served as donations to the Pastebin and DeepPaste sites, both of which are often used by hackers to post details of their exploits. Most of the remaining funds, totaling 3.96 bitcoins, were sent to a new, unknown address.

"Given the data collected, it is possible that the first two transactions, of a small amount, were only a test before moving the rest of the bitcoins collected as part of the ransom demand," suggests Giancarlo Russo, founder and CEO of the crypto-currency tracking company Neutrino, and former member of the Italian computer security company Hacking Team.

Initially, the researchers feared that the files would be completely unrecoverable: first, because the email address the hackers used to communicate with victims was shut down by the provider; and second, because the key needed for the boot disk seemed inaccessible.

Although the latest information from the hackers offers a glimmer of hope, the high amount they demand prompts researchers to wonder whether this is just another deliberate act of misdirection by the cybercriminals, who Ukraine says are backed by a nation: Russia. The Kremlin, for its part, denies these allegations.


Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://steemit.com/bitcoin/@hicmaster/hackers-at-the-origin-of-notpetya-claim-usd-256-000-in-bitcoin

Source: https://www.forbes.com/sites/thomasbrewster/2017/07/05/notpetya-hackers-demand-256000-in-bitcoin-to-cure-ransomware-victims/#5b8ba77f6cf9

Not indicating that the content you post including translations, spun, or re-written articles are not your original work could be seen as plagiarism.

Some tips to share content and add value:

  • Using a few sentences from your source in “quotes.” Use HTML tags or Markdown.
  • Linking to your source
  • Include your own original thoughts and ideas on what you have shared.

Repeated plagiarized posts are considered spam. Spam is discouraged by the community and may result in action from the cheetah bot.

Thank You! ⚜

If you are the author, please reply and let us know!