UPDATED 22:25 EDT / JULY 05 2017

INFRA

Ransomware after all? NotPetya hackers now demand 100-bitcoin payment

The hackers behind the NotPetya malware that made headlines in late June are back in the news again.

Now, the group is asking for a payment of 100 bitcoin ($256,000) for a decryption key for the malware despite security experts suggesting that NotPetya was never ransomware to begin with.

The demand was made in statements posted by those behind the malware on DeepPaste (this link requires Tor software to access) and Pastebin, two services popular with hackers wanting to make statements. “Send me 100 bitcoins and you will get my private key to decrypt any harddisk (except boot disks),” the statement reads, along with multiple addresses including two linked files, a Tor website address and various key authentication links.

In an interview with Motherboard, an alleged hacker linked to the group said that the price was high because the key on offer was “to decrypt all computers” infected with the malware. “It means that whoever posted this message has [a] private key to decrypt the data encrypted by the NotPetya malware,” Anton Cherepanov, a senior researcher at ESET spol. s r.o., told Forbes.

In another twist, the malware, alleged to have been a “wiper” in that allegedly deletes boot disk files may actually be a form of ransomware instead. Cherapanov claimed that the boot files have just been encrypted using a different method. “With this key it is possible to decrypt only files, but not boot disks. Because in the case of boot disk a different encryption method is used,” he added.

In related news, the same people behind the spread of NotPetya are also said to have moved payments they have received from their primary bitcoin wallet. Totaling 3.96 bitcoin ($10,309), the transfer saw the coins transferred to a new address of unknown origin.

The group’s reemergence online follows a raid by Ukrainian police against a company called Intellect Service that sells accounting software that is alleged to have been ground zero for the spread of NotPetya.

It’s not clear whether those behind the company were related to the creation of NotPetya or whether they were unwitting pawns in the attack. However, Ukranian police claim that the company was working with Russia to “undermine Ukrainian sovereignty” and that “they knew there was a virus in their software but didn’t do anything” about it.

Image: Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU