
Victims Unlikely to Receive NotPetya Decryption Keys Despite Paying Bitcoin Ransom

Last Updated March 4, 2021 4:57 PM
Rebecca Campbell

According to security firm Kaspersky Labs, there is little hope for victims to regain access to their files after the recent so-called Petya cyberattack.

On Tuesday, it was reported that the NotPetya ransomware had started in Ukraine and was spreading worldwide, affecting thousands of computers in the U.K., the U.S., Russia, Spain, and France, to name a few.

With 2,000 organizations around the world believed to be affected, according to Kaspersky, victims were ordered to pay a ransom demand of $300 worth of bitcoin. Victims were told that only by paying the ransom would they receive a decryption key to unlock their files.

That, however, is not the case.

Shortly after the announcement of the cyberattack, German firm Posteo, the operator behind the email address that the criminals were using to manage ransom demands, blocked access to it. This meant that the hackers couldn’t see who had emailed them and victims couldn’t send emails to [email protected] to confirm payment and receive the decryption key.

At the time, the company statement said:

We do not tolerate any misuse of our platform.

Following the cyberattack, reports were coming in that this latest ransomware wasn’t bringing in as much money as previously thought. At the time of press, the NotPetya ransomware had only received $10,100 to this address, 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX, since Tuesday.

Unlike the 2014 CryptoWall cyberattack, which raked in $325 million, it’s hardly big bucks.

The lack of funds sent to the address is likely down to the fact that security firms have stated that even if victims pay the $300 to the criminals, they are unlikely to get their files back. While victims can still pay the demand to the bitcoin address, it’s impossible for the attackers to make good on their promise and provide a decryption key.

Mikko Hypponen, CRO at F-Secure, a cybersecurity firm, said on Twitter:

Victims keep sending money to Petya, but will not get their files back: No way to contact the attackers, as their email address was killed.

