Petya hackers issue fresh ransom demand

    Image caption Ukrainian cyber-security researchers have been trying to uncover the secrets of the malware’s code

    The perpetrators of a recent cyber-attack that disrupted businesses across the world appear to have accessed the ransom payments they raised.

    Just over £7,900-worth of virtual currency has been moved from the Bitcoin address listed in the blackmail demand that appeared on hacked PCs.

    One expert said there was little doubt the funds had been tapped by those responsible for the crime.

    And it seems they have now made a fresh ransom demand.

    However, analysts suggest the move is intended to confuse investigations into the matter.

    In other related developments, Ukraine’s interior minister has said the police managed to prevent a second wave of attacks by shutting down and confiscating computer servers used by a local software company, which is thought to have unwittingly helped the Petya-variant virus to spread.

    Image caption Ukrainian police issued this image of the confiscated computer servers

    And after having repeatedly denied any involvement in the transmission of the malware, the developer Intellect Service has acknowledged an upgrade to its MeDoc tax software was indeed “contaminated”, allowing the attack to be carried out.

    “As of today, every computer which is on the same local network as our product is a threat,” the company’s chief executive Olesya Bilousova told reporters.

    She added that one million computers in Ukraine had MeDoc installed on them.

    The police have recommended that everyone stops using the program and turns off computers that have it.

    Image caption Hacked computers were forced to reboot, after which they displayed this ransom demand

    Although the majority of the detected attacks occurred within Ukraine, according to analysis by security firm Eset the malware also affected businesses across the world.

    Their computers became inaccessible after the code spread over their internal networks, scrambling a part of the PCs’ operating systems used to locate where files are stored.

    High-profile casualties included Nurofen-maker Reckitt Benckiser, Oreo cookie manufacturer Mondelez International, the shipping group Maersk and the advertising agency WPP.

    Most of those struck did not, however, pay the ransom demand. This was in part because the email address given by the attackers to contact them was shut down by its German operator.

    And until Tuesday, the funds that were raised lay dormant.

    Image caption The Bitcoin address used in the ransom demand has been emptied of most of its contents

    But at 22:32 BST on Tuesday, three transfers were triggered.

    Two of these were sent to Bitcoin wallets used to collect donations to the PasteBin and DeepPaste text-sharing services – platforms often used by hackers to announce their activities.

    The third and largest of the transfers went to an address that had previously been empty.

    A little later, a post appeared on DeepPaste demanding 100 bitcoins ($256,300; £198,500) for a “private key to decrypt any hard disk” affected by the attack.

    Image caption This message appeared on DeepPaste shortly after funds were transferred to the site’s Bitcoin account

    “Unless the hackers gave away the Bitcoin account linked to the original ransom demand, only they could have moved the funds,” Prof Alan Woodward from the University of Surrey told the BBC.

    “People are gobsmacked they have gone anywhere near it – they can’t be daft enough to try and cash it out.

    “As far as we can tell, there’s no way to actually decrypt affected PCs even if you paid the new demand.

    “So, it may be that they are trying to lead a false trail away from themselves.”

    Ukraine has accused Russia of being involved in the attack, but the Kremlin has denied any responsibility.

    The news site Motherboard said it spoke to someone claiming to be one of the hackers on a dark web chatroom.

    The supposed criminal offered to demonstrate that they could decrypt any file scrambled by the Petya-variant. However, they failed to deliver on the promise when given an example to test.
