The new ransomware (Petya) attack, currently hitting a large number of countries around the world, such as Ukraine, the UK, India, the Netherlands, Spain, Denmark, and many others. The new ransomware uses the contact details of “[email protected]” and demands for a payment of $300 in Bitcoin.
The malware is spreading quickly using the same Windows SMBv1 vulnerability that the WannaCry ransomware used to attack about 300,000 devices around the world.
Almost 45 victims have now paid total $10,500 in Bitcoins in hope to restore their encrypted files back, but sadly, they would not because the email address, which was created by the hackers to contact with their victims and send the decryption keys to them, was suspended by the German mail provider quickly after the attack.
Kaspersky security researchers said:
“Our analysis indicates there is little hope for victims to recover their data. We have analyzed the high-level code of the encryption routine, and we have figured out that after disk encryption, the threat actor could not decrypt victims’ disks,”
“To decrypt a victim’s disk threat actors need the installation ID. In previous versions of ‘similar’ ransomware like Petya/Mischa/GoldenEye this installation ID contained the information necessary for key recovery.”
Many security researchers and even Microsoft researchers said that MeDoc (Ukrainian tax accounting system) was breached and the malware was spread via the system updates.
