Cybercriminals Behind Petya Make First Public Statement, Demand Over $250,000 For Decryption
Over the past week, more details about the global Petya cyberattack have emerged each day. At first, Petya was believed to be the next WannaCry, but experts soon determined that the malware was intended for destruction rather than profit: it destroys files behind a faux ransom demand and leaves no ability to recover them. Since then, the cybercriminals have made their first public statement and added to the confusion by offering a master decryption key for the encrypted files in exchange for 100 bitcoin, or roughly $250,000 USD.
Some users may feel obligated to pay the ransom to recover what they can. There’s a large chance victims wouldn’t even get their files back if they paid, as there is no guarantee that the authors will hold up their end of the bargain. This message, which was left on the Tor-only announcement service DeepPaste, is more likely an attempt by these cybercriminals to add to the global confusion and create a smoke screen that conceals their true intentions. These offers should not be trusted.
Why is this message more likely a cover-up, rather than proof that Petya could actually be ransomware after all? First, as we outlined in our previous analysis, the victim ID that existed in previous variants of Petya is missing, so it seems unlikely that the malware authors themselves could recover files. There may be some partial recovery options, depending on what occurred on each individual system. However, any use of the system severely reduces the recovery success rate.
In some cases, you may be able to recover the master boot record with Microsoft Windows recovery tools. If the master file table was encrypted, then you may want to use file carving tools to attempt to recover some files, much like we recommended for WannaCry. File carving is not guaranteed to recover all or any files, but you may be able to reduce the impact by recovering some of your files.
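As an added example (not part of the original post), this sketch shows what a file carving tool does: it scans the raw bytes of a disk image for known file headers and footers, which is why it can still find files when the master file table is unusable. The signature list, function names and sample data are constructed for illustration, and it assumes the image is a copy small enough to read into memory.

```python
"""Signature-based file carving over a raw image copy (no filesystem metadata used)."""

# (header, footer, extension) for formats with fixed start and end markers.
SIGNATURES = [
    (b"\xff\xd8\xff", b"\xff\xd9", "jpg"),
    (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", "png"),
]
MAX_SIZE = 16 * 1024 * 1024  # stop looking for a footer beyond this many bytes


def carve(image: bytes, max_size: int = MAX_SIZE):
    """Return (offset, extension, data) for every header that has a footer in range."""
    found = []
    for header, footer, ext in SIGNATURES:
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                # Header without a footer: truncated or overwritten, skip it.
                pos = start + 1
                continue
            end += len(footer)
            # The first footer match is taken; real tools also validate the
            # internal structure, since a footer pattern can occur inside data.
            found.append((start, ext, image[start:end]))
            pos = end
    return sorted(found, key=lambda item: item[0])


def build_sample():
    """Constructed image: two intact files and one truncated JPEG header."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 100 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 50 + b"IEND\xaeB`\x82"
    gap = b"\x00" * 512  # stands in for unrelated sectors
    image = gap + jpg + gap + png + gap + b"\xff\xd8\xff\xe0" + b"T" * 20
    return image, jpg, png


if __name__ == "__main__":
    sample, _, _ = build_sample()
    for offset, ext, data in carve(sample):
        print(f"offset {offset}: {ext}, {len(data)} bytes")
```

Only files stored contiguously are recovered intact this way, which is one reason carving cannot guarantee all or any files.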
Now the next question is: how do you stay secure for the next cyberattack that may come your way? It is imperative that users keep not only their security systems up to date, but OS and software patches as well, as Petya used known vulnerabilities already patched by Microsoft to propagate. Turning on automatic patching and upgrading older software packages will also help you keep up with security patches. For malware that uses zero-day exploits, you can mitigate damage by using various off-box backup tools for your important files.
The post Cybercriminals Behind Petya Make First Public Statement, Demand Over $250,000 For Decryption appeared first on McAfee Blogs.