The public is finally hearing from the people behind the Petya attack. This marks the first time they’ve released a statement since the attack began to spread around the world, and they are demanding more money.
A Recap of the Petya Attack
It’s been over a week since the initial spread of the Petya virus, a malicious piece of ransomware software that took control of hundred of machines worldwide earlier last month. The initial round of attacks netted the programmers a cool $10,000 in Bitcoin, as each system that was infected received a ransom demand for $300 in exchange for the decryption keys for user’s files, along with an email to the hackers giving proof that the ransom was paid.
Unsurprisingly, the email inbox was taken down by the provider, Posteo, within a day or two, leaving the people who paid up out of luck in receiving the decryption keys. Despite this, the payments kept rolling in. Since then, the money in the address controlled by the attackers has been draining over the past few days, with only 0.045 bitcoins remaining in the wallet. Over 4.03 bitcoin has left the address, presumably going to Bitcoin mixing services which can effectively launder the stolen funds.
Petya Developers Re-emerge
The attacker or attackers released a statement a few days ago via the Tor-based website DeepPaste, a service similar to Pastebin which allows for anonymous parties to make announcements on the website. The announcement contained the signature of Petya’s private key, proving that they are the people behind the attack.
They are requesting 100 Bitcoins, a total currently valued at $256,000, to receive the private key that can decrypt any files stored on the computer, save the boot disk files as they have an entirely different encryption process. No transaction has been spotted on the blockchain with that amount of Bitcoin going to the attacker’s address, so it is unlikely any form of payment has been made, or even if it will be made.
http://bitcoinist.com/petya-developers-break-radio-silence-demand-250k/