The perpetrators reportedly accessed the ransom payments they accumulated during the Petya cyberattack and moved the payments — totaling roughly $10,300 in bitcoin — to external platforms July 4.
The perpetrators proceeded to post a public statement on DeepPaste, a text-sharing service hackers use to discuss their work, according to BBC. The post said the perpetrators will provide a “private key to decrypt any hard disk” hit by the Petya attack in return for 100 bitcoin, or roughly $256,300.
The availability of a potential “key” complicates the idea Petya is a “wiper,” which permanently destroys files, rather than a ransomware — a theory put forth by multiple security experts. “As far as we can tell, there’s no way to actually decrypt affected PCs even if you paid the new demand,” Professor Alan Woodward of the University of Surrey in England told the BBC.
Vice‘s Motherboard reached out to the perpetrators, who offered to address allegations Petya acts as a wiper by demonstrating a file decryption. The perpetrators reportedly decrypted a test file infected by Petya after two hours, according to Motherboard.
More articles on health IT:
NATO researchers: Global cyberattack Petya likely caused by ‘state actor’
Google DeepMind, Royal Free NHS Foundation Trust trial fails to comply with UK data protection law: 4 things to know
22k patients of Cleveland Medical Associates affected in ransomware attack
