Don’t Pay Ransom To Petya; You Will Never Get Your Files Back

The new ransomware (Petya) attack is currently hitting a large number of countries around the world, such as Ukraine, the UK, India, the Netherlands, Spain, Denmark, and many others. The ransomware uses the contact address “wowsmith123456@posteo.net” and demands a payment of $300 in Bitcoin.

The malware is spreading quickly using the same Windows SMBv1 vulnerability that the WannaCry ransomware used to attack about 300,000 devices around the world.

Almost 45 victims have now paid a total of $10,500 in Bitcoin in the hope of restoring their encrypted files, but sadly they will not, because the email address the hackers created to contact their victims and send them the decryption keys was suspended by the German mail provider shortly after the attack.

Kaspersky security researchers said:

“Our analysis indicates there is little hope for victims to recover their data. We have analyzed the high-level code of the encryption routine, and we have figured out that after disk encryption, the threat actor could not decrypt victims’ disks.”

“To decrypt a victim’s disk threat actors need the installation ID. In previous versions of ‘similar’ ransomware like Petya/Mischa/GoldenEye this installation ID contained the information necessary for key recovery.”

Many security researchers, and even Microsoft researchers, said that MeDoc (a Ukrainian tax accounting system) was breached and the malware was spread via the system’s updates.
