
The story of last week's NotPetya ransomware outbreak has taken an unexpected turn. The ransomed funds have remained idle in a Bitcoin wallet ever since the attack was mitigated by Ukrainian authorities, but now the money is on the move. Someone claiming to be behind the attack has withdrawn the funds and posted a new ransom demand. For the low price of 100 Bitcoins, he or she will hand over the master decryption keys for the NotPetya malware.

The NotPetya ransomware started hitting computers in late June, only weeks after the similar WannaCry attack occurred. In fact, both pieces of malware used the EternalBlue Windows exploit exposed by leaked NSA documents. Like all ransomware, NotPetya encrypts files when it hits a new machine, then pops up a notice to send Bitcoins to a certain address in exchange for the key. NotPetya came with the added bonus of deleting certain system-level files, which rendered machines unable to boot. It appears the intention was never to provide the encryption keys at all.

That makes the latest move all the more confounding. The Bitcoin blockchain is public, so researchers and authorities were watching the wallet address that received payments for NotPetya. The wallet was sent around four Bitcoins, which works out to over $10,000. At $300 per ransom, that works out to more than 30 victims paying up at $300 each. And they probably got nothing in return.

The funds were suddenly withdrawn from the wallet yesterday and routed to three other wallets. One was a previously empty wallet set up by whoever moved the coins. The other two are owned by PasteBin and DeepPaste, services often used by hackers to announce their exploits.


Shortly after the transfer, the Tor-only DeepPaste posted a message allegedly from the NotPetya author demanding 100 Bitcoins in exchange for the master decryption keys. The message says no boot disks can be recovered (because of those deleted files), but files that were encrypted can be recovered. If someone bought the key, they could theoretically try to extort funds from those already infected with the malware. However, they'd have to be very successful at it to make back the $261,000 investment.

It's still unknown who was behind the attack. Ukraine, which was the target of most Petya infections, has blamed Russia. Cybersecurity experts are surprised the coins were moved at all, as it would be difficult to withdraw them anywhere without being tracked. It's possible the entire thing is a ruse intended to deflect investigators, but only someone involved with NotPetya could have accessed the Bitcoin wallet. They're still out there.