$10,200: Global Petya Ransomware’s Bitcoin Earnings so Far

Last Updated March 4, 2021 4:57 PM
Rebecca Campbell

Yesterday’s global cyberattack showed, once again, how unprepared many organizations are when it comes to patching their systems to protect them from vulnerabilities. So far, the attackers have received over $9,000.

Despite the global disruption the cyberattack caused, victims have paid only $9,500 to the address 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX, according to Blockchain.info. While it’s still early days, considering the scope that cyberattacks have the potential of producing, payouts seem to be a lot lower than previously thought.

WannaCry, the last global cyberattack that occurred in May, caused a significant amount of disruption among organizations and their computer systems, and yet, to date, it has only been able to raise over $130,000 from ransom demands.

When you consider the 2014 CryptoWall ransomware, which saw ransom payments reaching $325 million, the WannaCry figure pales in comparison.

Not Petya, but Something New

According to a tweet from security firm Kaspersky Lab, this latest ransomware is an entirely new one. While it was initially thought to be an updated version of the malware known as Petya, it isn’t.

The security firm said:

Kaspersky Lab’s analysts are investigating the new wave of ransomware attacks targeting organizations across the world. Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before. That is why we have named it NotPetya.

Yet, similar to the WannaCry cyberattack, it appears that this new variant is also employing the Eternal Blue exploit.

In a blog post, the security firm said:

This appears to be a complex attack, which involves several attack vectors. We can confirm that a modified Eternal Blue exploit is used for propagation at least within corporate networks.

Will Victims be Able to Regain Access?

Interestingly, there is some indication that even victims who have paid the ransom demand of $300 worth of bitcoin may not be able to obtain the decryption key and regain access to their files.

According to a report from Business Insider, the hackers had provided an email address that victims were supposed to reply to with their Bitcoin wallet ID and a personal installation key. However, the operator behind the email address, German firm Posteo, had blocked access to it, preventing the hackers from reviewing it and people from emailing it.

In a statement released yesterday, the German company said:

At noon today we learned that ransomware blackmail is currently providing a Posteo address as a contact option. Our abuse team checked this immediately – and the mailbox immediately blocked. We do not tolerate any misuse of our platform.

Yet despite this, a quick check on Blockchain.info shows an increase in the number of transactions with several of them amounting to $300. The question remains: how will it be known who has paid and who to send the decryption key to?
