Last week Petya “improved” upon WannaCry’s attempt at a global ransomware attack. Now it has surfaced to make a public announcement.
On June 28th, 2017, Petya-like attackers booby-trapped the software of a Ukrainian financial software company. With it, they compromised many Ukrainian companies, the British advertising firm WPP, and countless other organizations.
As we discussed last week, this attack resembles a Petya ransomware attack from a year ago. Yet, there are significant differences, leading many to call this attack #NotPetya, among other things. For the purposes of this article, we use Petya and NotPetya interchangeably.
Cyber security experts agreed that Petya or NotPetya was an improvement in sophistication over the WannaCry ransomware attacks from earlier this year. Nevertheless, this Petya didn’t have an easy way to pay the ransom, leading some to believe that the attack’s purpose was simply to wipe files in a chaotic fashion.
NotPetya Asks for Payment
As reported by Motherboard, at around 9:20 UTC, an entity claiming to be NotPetya posted this message:
“Send me 100 Bitcoins and you will get my private key to decrypt any harddisk…”
Then, at 10:10 UTC, Petya emptied nearly $10,000 USD from a previously-used Bitcoin wallet into a different wallet just after sending small payments to Tor-only pseudo-message-boards DeepPaste and Pastebin.
100 Bitcoins is valued at around $250,000 USD.
Despite Petya not providing a Bitcoin address for sending the ransom, they did link to a dark web chatroom where they could be contacted regarding payment.
Motherboard sent an interviewer into the chatroom to ask Petya why the ransom amount was so expensive.
Reportedly, “one of the hackers told Motherboard that the price was so high because it’s for the key ‘to decrypt all computers.’”
Right now it’s impossible to make a definitive link between these “hackers” posting messages on DeepPaste and last week’s Petya attack, but what is certain is that the owner of the Petya Bitcoin wallet did, in fact, move the currency it contained.
Now we’ll just have to wait and see if any companies fork over the cash to recover *some* of their encrypted files.