Last week the world was struck by a vicious ransomware attack, dubbed “Petya”, which has been spreading at a terrifying speed. Petya is still spreading by taking advantage of a Windows vulnerability which should have been patched by Microsoft last March.
On Wednesday, July 5th, the hacker group responsible for the cyber attack made its first public statement, demanding 100 bitcoin (equal to $250,000) in exchange for the encryption key used to carry out the attack.
The message is genuinely from the hacker group responsible for the Petya attack, because a file signed with Petya’s private key is included with the message. This means that the person(s) who sent that message are able to decrypt any infected individual files. Moreover, the message includes a link to a chatroom where the hacker group can negotiate the terms of the ransom, but it is now deactivated.
Up until this moment, no bitcoin transactions of this amount have been made, which means that their offer still stands. On the other hand, the group’s original bitcoin wallet, which contained around $10,000, has been emptied out since the initial Petya attack. Forbes tracked two small donations to DeepPaste and PasteBin, and then the amount left was transferred to an anonymous account. It is assumed that this account is affiliated with a Bitcoin laundering service.
It is baffling and unclear why this message was sent weeks after the initial Petya ransomware attack. Many giant corporations have resumed operations after being attacked by the malware. On the other hand, it is widely assumed that this vile cyber attack was launched more to cause massive damage to Ukraine’s infrastructure than to collect ransoms.