
Petya ransomware attackers demand 100 Bitcoins for master decryption key


The hackers will give a master key to decrypt the infected systems in exchange for a ransom amounting to almost $260,000.


The Petya ransomware attack took place last week, originating in Ukraine and spreading across different countries. Like the WannaCry ransomware, Petya exploits a security flaw in the Microsoft Windows OS and takes hold of the victim’s hard drive. The hackers have been demanding a ransom of $300 in Bitcoin in exchange for decrypting the important files. So far, the hackers have earned only $10,000 from the Petya attack, and are reportedly offering a new deal of almost $260,000 for the master key to kill the ransomware completely.

Quartz unearthed this demand through a bot created to monitor the Bitcoin account used to receive the ransom money. The bot is set up to tweet any activity on the Petya Bitcoin account. It first reported a transfer of $340 from the Bitcoin account to a service on the dark web called DeepPost. This was followed by another transfer of $316 to an address owned by Pastebin. Pastebin, unlike DeepPost, can be accessed by anyone on the internet, and is an infamous website for storing and sharing text, mostly used for stolen data.

Before the transactions took place, a message was posted on both DeepPost and Pastebin. The message read, “Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks).” Quartz believes that these transactions took place on both platforms to prove that the demand is genuine. The demanded ransom of 100 Bitcoins equals almost $260,000. One speculated reason for the new ransom demand is that the earlier channel for receiving money was blocked.

The hackers used an email address owned by Posteo, a Berlin-based email provider, to verify the payments made by the victims. This email address was used to make payments and send the decryption key. However, Posteo discovered this and shut down the email account. Soon after, the hackers stopped receiving payments and hence received only $10,000 in ransom. It remains to be seen if the hackers will be successful in receiving payments through the new system from the remaining victims.