This Week In Security: NotPetya For Cash Money; Got Gox’d?

NotPetya Bungling Authors Provide Evidence of Master Key in Efforts to Possibly Maybe Get Some Cash Money

The authors of the NotPetya/EternalPetya malware, which brought thousands of businesses to a crippling halt last month, have resurfaced to demonstrate that they may actually hold a master key for decrypting files. The authors have stated on Pastebin that they are willing to sell this master key for 100 bitcoins (approximately $236,000 USD at time of writing).

Cybersecurity experts have come to an agreement that NotPetya is actually wiper malware, and that its ransom capabilities were very much secondary to its destabilization and disruption of targeted systems.

Within hours of the malware’s first infection, the email address associated with the ransom note distributed by NotPetya was taken down by the email provider, which made it impossible for the malware’s authors to collect payments. The recent resurfacing of the authors seems to indicate that this could be the only way for them to recoup their financial losses after their initial grave mistake of not selecting a shadier email provider.

Vice News employees recently got in contact with the reported authors using dark web communication methods. They asked the authors to prove that they are, indeed, the actual authors and can indeed decrypt files from victims affected by the malware. After Vice News provided them with an encrypted MS Word document, the authors sent back the file, successfully decrypted, within two and a half hours.

The plot thickens: the file used to demonstrate decryption capabilities was only approximately 200K in size, and due to errors in the malware’s use of the encryption algorithm, many security experts now believe the authors cannot decrypt files greater than 1MB in size.

Prior to shutting down the dark web chat (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog