A post appeared on DeepPaste demanding 100 bitcoins ($256,300; £198,500) for a “private key to decrypt any hard disk” affected by the attack this Tuesday.
It looks like the hackers responsible for the massive ransomware outbreak that crippled Ukraine last week and infected some of the world’s biggest industrial companies, from Maersk to Merck, are posting messages demanding more Bitcoin to unlock victims’ files.
In a post on Pastebin, an unnamed party wrote: “Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks).” They also provided proof they were the real hackers with a signature for the malware’s private key.
“It means that whoever posted this message has the private key to decrypt the data encrypted by the NotPetya malware,” said Anton Cherepanov, ESET senior malware researcher, the first to check the private key’s validity. “With this key it is possible to decrypt only files, but not boot disks. Because in the case of boot disk a different encryption method is used.”
Meanwhile, the hackers have also been moving Bitcoin around. As of Tuesday night, the wallet that was used to gather funds from unfortunate victims, who’d been asked to cough up $300 in Bitcoin, was almost completely emptied. Two small transfers of 0.1 Bitcoin went to donations for Pastebin and DeepPaste, both sites often used by hackers to post details of their escapades. But almost all remaining funds, totalling 3.96 Bitcoins, went to a new address of unknown origin.
“Based on the data collected, it is possible that the first two small transactions were just a test before spending the proceeds of the ransom campaign,” suggested Giancarlo Russo, founder and CEO at cryptocurrency tracking firm Neutrino and a former member of Italian surveillance outfit Hacking Team.
Although the majority of the detected attacks occurred within Ukraine, according to analysis by security firm ESET, the malware also affected businesses across the world. Ukraine has accused Russia of being involved in the attack, but the Kremlin has denied any responsibility.
On the same day, one of the world’s largest cyber-currency exchanges came under investigation after it acknowledged that one of its employee’s PCs had been hacked. Hackers stole Bitcoin funds from traders on the South Korea-based Bithumb exchange. Bithumb has said that it believes personal details of more than 30,000 of its customers were stolen as a result.
According to BBC, Forbes