Cybercriminals Behind Petya Make First Public Statement, Demand Over $250,000 For Decryption
Over the past week, Petya has continued to unravel, with more and more details emerging about the global cyberattack each day. At first, Petya was believed to be the next WannaCry, but experts soon determined that the malware was intended for destruction rather than profit: it destroys files behind a faux ransom demand, with no ability to recover them. Since then, the cybercriminals have made their first public statement and added to the confusion by offering a master decryption key for the encrypted files in exchange for 100 bitcoin, or roughly $250,000 USD.
Some users may feel obligated to pay the ransom to recover what they can. There’s a large chance victims wouldn’t even get their files back if they paid, as there is no guarantee that the authors will hold up their end of the bargain. This message, which was left on the Tor-only announcement service DeepPaste, is more likely an attempt by these cybercriminals to add to the global confusion and create a smoke screen that conceals their true intentions. These offers should not be trusted.
Why is this message more likely a cover-up, rather than proof that Petya could actually be ransomware after all? First, as we outlined in previous analysis, the victim ID that existed in previous variants of Petya is missing, so it seems unlikely that the malware authors themselves could recover files. There may be some partial recovery options, depending on what occurred on each individual system. However, any use of the system severely reduces the recovery success rate.
In some cases, you may be able to recover the master boot record with Microsoft Windows recovery tools. If the master file table was encrypted, then you may want to use file carving tools to attempt to recover some files, much like we recommended for WannaCry. File carving is not guaranteed to recover all or any files, but you may be able to reduce the impact by recovering some of your files.
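To show what file carving means when the master file table is unusable, here is an added example (not McAfee's code or any particular tool): it scans a raw image for PNG signatures and keeps only files whose chunk CRCs validate. The function names and the sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def carve_png(image: bytes):
    """Return (offset, data) for every structurally valid PNG in a raw image."""
    found = []
    pos = image.find(PNG_SIG)
    while pos != -1:
        end = _walk_chunks(image, pos + len(PNG_SIG))
        if end is not None:
            found.append((pos, image[pos:end]))
            pos = image.find(PNG_SIG, end)
        else:
            pos = image.find(PNG_SIG, pos + 1)  # false hit or damaged file
    return found

def _walk_chunks(image, cur):
    """Follow length/type/data/CRC chunks; return the offset after IEND, or None."""
    while cur + 12 <= len(image):
        length, ctype = struct.unpack(">I4s", image[cur:cur + 8])
        data_end = cur + 8 + length
        if data_end + 4 > len(image):
            return None
        (crc,) = struct.unpack(">I", image[data_end:data_end + 4])
        if zlib.crc32(image[cur + 4:data_end]) != crc:
            return None  # fragmented or overwritten data: this file is not recoverable
        cur = data_end + 4
        if ctype == b"IEND":
            return cur
    return None

def _chunk(ctype, data):
    """Build one PNG chunk (used only to construct the sample input)."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def build_sample_image():
    """Constructed data: one intact 1x1 PNG and one damaged copy, buried in filler."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    png = (PNG_SIG + _chunk(b"IHDR", ihdr)
           + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
    damaged = png[:16] + b"\xff" * 4 + png[20:]  # overwrite the width field
    return b"\x00" * 512 + png + b"\xaa" * 100 + damaged + b"\x00" * 64, png

if __name__ == "__main__":
    image, _ = build_sample_image()
    for offset, data in carve_png(image):
        print(f"recovered {len(data)} bytes at offset {offset}")
```

The damaged copy is skipped because its CRC no longer matches, which is the reason carving recovers some files but not necessarily all of them.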
Now the next question is: how do you stay secure for the next cyberattack that may come your way? It is imperative that users keep not only their security systems up to date, but their OS and software patches as well, as Petya used known vulnerabilities already patched by Microsoft to propagate. Turning on automatic patching and upgrading older software packages will also help you keep up with security patches. For malware that uses zero-day exploits, you can mitigate damage by using various off-box backup tools for your important files.
The post Cybercriminals Behind Petya Make First Public Statement, Demand Over $250,000 For Decryption appeared first on McAfee Blogs.