Almost a week after Petya ransomware hit major enterprises and nations across the world, the alleged hackers behind the cyber attack took to DeepPaste and Pastebin to demand a ransom to unlock the data they had encrypted. The hacker group has demanded around 100 bitcoins ($256,000 approx) in exchange for the private encryption key. According to a report in Motherboard, the hackers claim to have access to the encryption key needed to decrypt all computers. They did not provide a bitcoin address for payment; instead, they posted a link to a chatroom where people can contact them.
“In an unexpected twist on Tuesday, the hackers gave their first sign of life since the attack,” the report read. “The authors of the announcement asked for 100 bitcoin (roughly $256,000 at the time of writing) in exchange for the private key that supposedly decrypts any file encrypted with the NotPetya ransomware,” it added.
Meanwhile, hackers connected to the attack have emptied their original bitcoin wallet, which contained close to $10,000. Two small donations to PasteBin and DeepPaste were made as well, before the entire amount was transferred to a different wallet. The hackers' claim that they can decrypt the files is interesting, because research from Kaspersky and other security firms has indicated that the Petya version used in this attack was a wiper, not ordinary ransomware. According to these security firms, the hackers aimed at mass destruction of data rather than just collecting money.
The Petya ransomware cyber attack took place on June 28. It affected about 300,000 computers globally, with Symantec ranking India as the seventh most impacted nation. Ukraine, the US and Russia were among the worst hit by Petya. Other affected countries include France, the UK, Germany, China and Japan. Researchers believe that Ukraine is where the attack likely originated.
Petya ransomware locked up a computer’s files and demanded $300 in bitcoins as ransom to unlock the data. Once the malware infects the computer, it waits for an hour or so and then reboots the system. After the reboot, the files are encrypted and the user gets a ransom note on their PC asking them to pay up.