Slashdot Mirror


Petya Ransomware Authors Demand $250,000 In First Public Statement Since Attack (theverge.com)

An anonymous reader quotes a report from The Verge: The group responsible for last week's globe-spanning ransomware attack has made their first public statement. Motherboard first spotted the post, which was left on the Tor-only announcement service DeepPaste. In the message, the Petya authors offer the private encryption key used in the attack in exchange for 100 bitcoin, the equivalent of over $250,000 at current rates. Crucially, the message includes a file signed with Petya's private key, which is strong evidence that the message came from the group responsible for Petya. More specifically, it proves that whoever left the message has the necessary private key to decrypt individual files infected by the virus. Because the virus deleted certain boot-level files, it's impossible to entirely recover infected systems, but individual files can still be recovered. The message also included a link to a chat room where the malware authors discussed the offer, although the room has since been deactivated.

59 comments

  1. Microsoft should pay it... by Anonymous Coward · · Score: 0

    Their lax security caused the problem, they should pay to fix it.

    1. Re:Microsoft should pay it... by Anonymous Coward · · Score: 0

      NSA should chip in as well, since it was a weaponized version of their rootkit

    2. Re:Microsoft should pay it... by Anonymous Coward · · Score: 1

      Microsoft patched the hole long before it was exploited, which is really all you can ask of any company as no one on the planet has yet found a way to write an OS with no problems. If anything the NSA or moron IT people that don't manage their systems correctly are responsible.

    3. Re: Microsoft should pay it... by Anonymous Coward · · Score: 0

      NSA/CIA should pay it. They failed to secure their exploits, knew they had been leaked and still didn't report. Their tools made this attack much easier.

    4. Re:Microsoft should pay it... by KiloByte · · Score: 1

      Microsoft patched the hole long before it was exploited, which is really all you can ask of any company

      That would be fine if there was a way to update (and keep updated) their OS without compromising it.

      There is not (you'd have to install their telemetry spyware), thus no reasonable patch exists.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    5. Re:Microsoft should pay it... by quenda · · Score: 1

      Russia could pay it. It's a lot less than what Putin has already paid to fund this attack.
      Makes him look good, and he can still deny responsibility, while reducing scope for escalating payback attacks.

      More likely the group just announces an anonymous benefactor has paid the ransom. (Is the bitcoin transaction visible so they need to indirectly pay themselves?)
      We are still assuming the ransom demand is just cover for a state-sponsored cyber-attack on Ukraine, right?

    6. Re:Microsoft should pay it... by Anonymous Coward · · Score: 0

      any tinfoil hat wearer like yourself shouldn't be using the OS to start with. Anyone else doesn't give a shit. Corporations get to block any of that so have no valid excuse not to update.

    7. Re:Microsoft should pay it... by Anonymous Coward · · Score: 0

      any tinfoil hat wearer like yourself shouldn't be using the OS to start with.

      Neither should a computer illiterate, like yourself. Unless you're being paid off by Microsoft, in which case, you're still probably a computer illiterate.

      Additionally:

      Corporations get to block any of that so have no valid excuse not to update.

      You so sure about that?

      If you actually have the balls to back your words - and you don't - then install a keylogger like Microsoft's and publicly dump what it finds to pastebin. But since you don't, just do yourself a favor and get off of mommy's computer before she catches you racking up $500 of in-game purchases on some game.

    8. Re:Microsoft should pay it... by Anonymous Coward · · Score: 1

      Yeah, and we may as well make Mexico throw in a few pesos. I mean, you know, why not? It's just another brick in the wall..

    9. Re:Microsoft should pay it... by Anonymous Coward · · Score: 0

      If you are in a corporate space moron you should have proper firewalls in place where you control EVERYTHING your computer accesses. Go back to your basement, in the real world large enterprises don't work like your home computer setup.

    10. Re:Microsoft should pay it... by Anonymous Coward · · Score: 0

      I'm not seeing a Pastebin URL in that reply...

    11. Re:Microsoft should pay it... by Anonymous Coward · · Score: 0

      Fortunately, America's favourite bugbear isn't nearly as fearsome as people think. Economically (and militarily), Russia is similar to Italy, Canada, or the state of California.

      The perpetrator of these viruses may be Russian, but a jobless Russian speaking geek living in his babinka's basement in Ukraine, doth not a state actor make.

    12. Re:Microsoft should pay it... by rtb61 · · Score: 2

      The source of the attack, the accounting company could buy its way out of what seems very much like an insider attack, possibly even at management level. Basically a way for the accounting company to save face, except it now makes them look as guilty as hell, i.e. $250,000 seems really low ball for what is likely to be a dead as fuck software accounting company (who the fuck will trust them with future upgrades). As for the Russia shit, it just makes the company look even worse, exactly what insiders would do. So the accounting software company pretends to pay and releases the key to their customers to attempt to regain some trust.

      Easy to scope out, check out the revenues for the company over the last few years to see if they are stagnating or falling off and consider they were hoping to make millions before realising in the most stupid fashion, that as the leading source of the attack, their customers would blame them for the losses and go with different accounting software. When it comes to financial stuff and risks, trust once burned pretty much never comes back.

      --
      Chaos - everything, everywhere, everywhen
    13. Re:Microsoft should pay it... by Killall+-9+Bash · · Score: 2

      "Corporate" space is a small subset of "business" space.

      Most companies do NOT have IT departments. They outsource that on a break/fix basis, and do NOT want to pay for maintenance.

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
    14. Re:Microsoft should pay it... by Darinbob · · Score: 1

      There is apparently good evidence that the Kremlin is supporting these attacks. At the minimum it is definitely calling the malware authors "patriots".

    15. Re:Microsoft should pay it... by butzwonker · · Score: 1

      Microsoft patched the hole

      No they haven't. At least not for everyone. On my Windows 7 machine every update consistently fails since they switched to bundled updates, and there is no technical means of recovering from this situation. I've tried absolutely everything you can imagine, every Microsoft and every 3rd party tool, except for reinstalling the whole operating system - the latter wouldn't be practical for me, because it would mean that I would have to manually reinstall hundreds of audio plugins (every second one with its own DRM scheme), and besides I'm going to buy a new machine soon anyway.

      I cannot imagine how or why the maker of an operating system cannot invent a fix for their update problems. It doesn't help that each attempt of updating requires two restarts and takes an endless amount of time rolling back the update.

      If it weren't for the audio software I'd surely get rid of Windows entirely, at the expense of never being able to play a top game anymore. I'm using GNU/Linux for work, of course, and never had any problems with it.

    16. Re: Microsoft should pay it... by BLKMGK · · Score: 1

      You realize that the exploits that were taken advantage of were patched a MONTH before this occurred right?

      --
      Build it, Drive it, Improve it! Hybridz.org
    17. Re:Microsoft should pay it... by JoePete · · Score: 2

      Agree that the US is on the hook morally and perhaps financially for any ill coming from the NSA spy tools that have fallen into the wrong hands, but you have a redundancy on your hands suggesting "moron IT people" who failed to patch their systems are to blame, too. The faulty decision was not failure to patch; it was adopting a vulnerable and frequently attacked OS to begin with. If someone driving a car with no brakes, no seatbelts, and low pressure in one tire, gets into an accident, do you say the problem was they failed to inflate the tire?

    18. Re: Microsoft should pay it... by Anonymous Coward · · Score: 0

      Nice try, Ruslan.

  2. Petya or Not Petya, that is the question... by Anonymous Coward · · Score: 0

    Can we just make up our minds and decide whether it's called "Petya" or "NotPetya"?

    1. Re: Petya or Not Petya, that is the question... by Anonymous Coward · · Score: 0

      Well there was already a ransomware called Petya a couple years ago. That one forced a reboot, infected MBR and showed a fake checkdisk while it encrypted files then had a nice ASCII skull over a red screen. So all you had to do was pull the plug quickly and your files were safe.

    2. Re:Petya or Not Petya, that is the question... by 93+Escort+Wagon · · Score: 1

      Can we just make up our minds and decide whether it's called "Petya" or "NotPetya"?

      Po-TAY-to, Po-NOT-potato.

      --
      #DeleteChrome
    3. Re:Petya or Not Petya, that is the question... by Anonymous Coward · · Score: 1

      Petya and NotPetya are two separate pieces of malware. It isn't an OR it is an AND.

    4. Re:Petya or Not Petya, that is the question... by Anonymous Coward · · Score: 1

      Yeah, and as far as I can tell from other news sources, this ransom note is about NotPetya. So Slashdot is naming the wrong malware entirely here.

    5. Re:Petya or Not Petya, that is the question... by eddeye · · Score: 1

      Can we just make up our minds and decide whether it's called "Petya" or "NotPetya"?

      Po-TAY-to, Po-NOT-to.

      FTFY

      --
      Democracy is two wolves and a sheep voting on lunch.
  3. One Millyun Dollars by Anonymous Coward · · Score: 0

    Bwahahahahahaha!

    Sir - our legitimate companies make more than that in a day.

  4. The gang that couldn't shoot straight by Anonymous Coward · · Score: 0

    Don Knotts. Tim Conway. Donald Trump. Two played an idiot. One is an idiot.

    1. Re:The gang that couldn't shoot straight by Anonymous Coward · · Score: 0

      your old

    2. Re:The gang that couldn't shoot straight by Anonymous Coward · · Score: 2, Funny

      his old what?

    3. Re: The gang that couldn't shoot straight by Anonymous Coward · · Score: 0

      So are you, apparently

    4. Re: The gang that couldn't shoot straight by Darinbob · · Score: 1

      I guess we all have an old.

    5. Re: The gang that couldn't shoot straight by Anonymous Coward · · Score: 0

      But all three are smarter than you.

    6. Re: The gang that couldn't shoot straight by Anonymous Coward · · Score: 0

      Says to butthurt little Trump voter.

  5. Credibility by Anonymous Coward · · Score: 0

    I don't see why anyone would actually pay this. Not because it would "only encourage more" ransomware, as few are willing to martyr themselves or their businesses in the name of improved crime statistics. Nor do I think it's because this is just some ransom punk, the key shows they're probably the real deal.

    Rather, I'd be surprised if anyone pays it up because the destruction of boot level files strikes me as an indicator that it is highly likely that ransom payment will get no useful key.

    If they really wanted people to take them seriously they'd have left the system perfectly 100% recoverable. While they may have the key, I doubt that they'll actually release it, and there's no way to verify that they actually will release this key since if it's good encryption, the mess they made is statistically indistinguishable from random data. They might unlock a few files as proof, which would prove they have it. But that doesn't mean they'll release it. Plus, if I recall correctly, they already demanded cash and the few that paid up never got their files decrypted.

    If someone actually does pay this, I imagine that the ransom will suddenly double, then triple, and continue to go up with no useful key delivered until those with the cash to pony up finally realize that either there is no key or it will never be released. At that point, the hackers walk away quite a bit richer and are never heard from again, unless they try to use their reputation in later ransomware schemes or hacking work, e.g. selling out their services to North Korea, even if their skills aren't particularly sophisticated.

    1. Re: Credibility by Anonymous Coward · · Score: 1

      There is no destruction of boot level files...

      Yes it overwrites some sectors it never backs up, but they are in between the master boot record and the first partition, and are blank on almost every standard Windows install ever.

      The guy who claimed this whole thing about the worm's code being flawed so it couldn't decrypt was wrong.

  6. Always pay the ransom by Anonymous Coward · · Score: 0

    Never not pay.

  7. Stupid by Gravis+Zero · · Score: 2

    If you pay them then you simply add fuel to the fire. The best thing to do is migrate to a secure OS and restore all the data you can and fire anyone managing a division that doesn't have full backups.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Stupid by Anonymous Coward · · Score: 0

      So what OS would that be that has no vulnerabilities, especially when you aren't applying patches? No OS has a fix for bad IT management.

    2. Re:Stupid by Anonymous Coward · · Score: 0

      Even if your backups are daily that's still going to mean data loss. It's hard to keep proper 'full' backups.

    3. Re:Stupid by Anonymous Coward · · Score: 0

      "full backups" is a term from the 1980's my friend. ... fire everyone! you want to pull and verify hourlies of files, transaction logs and database dumps where you can get them. you want configs as software, a carefully managed key-infrastructure. enough identical hardware/failover-systems. ... this is not hard, it just uncomfortably reveals the true cost of ownership until you learn to grow with it. 'kill full backups man'.

    4. Re:Stupid by Anonymous Coward · · Score: 0

      That's why you use RAID.

    5. Re:Stupid by Anonymous Coward · · Score: 0

      Except if your domain controllers and backup systems were also running winblowz and got infected just as fine. Adding the mimikatz functionality to the new virus was a real winner.

  8. You too can fund the next Russian hack attack! by WillAffleckUW · · Score: 0

    Just think, all you have to do is pay $250,000 to finance the vacation weekend for the Russian hackers who already have their salary and pension paid by Russia!

    And for this they will love you forever.

    Or until Putin tells them to "take care of this troublesome" person.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:You too can fund the next Russian hack attack! by Anonymous Coward · · Score: 1, Insightful

      It wasn't Russia, it was America that launched this attack. Everyone knows it but very few say it. American government needs a bogeyman and they want you to think Russia or China or North Korea or some other country is full of bad people that want to rape you and then kill you. Or maybe kill you, then rape you. They need bogeyman to keep you scared and in line.

      Just look at the facts and you will see who injects the most malware into commercial products. Look at who spies the most on their own citizens. Look at which government strong-arms corporations into giving up citizens' personal data. Makes you wonder which country has the freedoms.

    2. Re: You too can fund the next Russian hack attack! by Anonymous Coward · · Score: 0

      The Russian hackers will never see a rouble. The money will be divided between the slush fund and various apparatchiks.

    3. Re:You too can fund the next Russian hack attack! by Anonymous Coward · · Score: 0

      You can come out from behind the curtain Vladimir, we can see your gnarly toes sticking out.

    4. Re:You too can fund the next Russian hack attack! by Anonymous Coward · · Score: 0

      If it was Americans the ransom would be higher. If you can make malware like that you can easily demand a higher salary than 250k. This just isn't worth it if you are in America.

    5. Re: You too can fund the next Russian hack attack! by Anonymous Coward · · Score: 0

      A ransomware is not very difficult to make, the spreading part is much more difficult but this technology was borrowed from another actor.

      Hell, there are open source ransomwares on github...

  9. The real question here: by Anonymous Coward · · Score: 0

    Why does the CIA need $250 000?

    1. Re:The real question here: by mr_java66 · · Score: 0

      Hookers and Blow! It's always Hookers and Blow! LOL!

  10. Pretty much confirms Petya is state sponsored by Anonymous Coward · · Score: 0

    The fact that they waited so long to do this and did this in this way suggests that the theory suggesting that the attack was state-sponsored is true. They are trying to make it look like it isn't (by requesting more money). However, they are doing this too late after the initial event which makes it seem like a reaction to the media reports rather than a genuine intention.

  11. nuance, inc. is STILL DOWN by Anonymous Coward · · Score: 0

    over 75% of health care facilities (and like 85% of major facilities like hospitals) in the u.s. depend upon nuance's medical transcription and voice recognition services... which has essentially been completely SHUT DOWN for nearly two weeks. doctors handwrite notes, facilities scramble to hire temps to transcribe in house..

    the company has not exactly been transparent and forthcoming regarding the scope of the problem, the damage caused, and when the fuck they'll get things back up and running.

    10s of thousands of workers are idle across the country (well, and india, too, i suppose) of theirs and 100s of smaller transcription companies and independent contractors.

    because medical transcription happens 'behind the scenes', and doesn't (yet) affect the day-to-day operations of facilities or the care they provide.. and because nuance has a locked-up monopoly on the industry, so very few players involved, this is simply not making mainstream media... it's about time.

    NUANCE, INC. FUCKED UP. most of their infrastructure got totally rekked by petya.. they obviously had no contingency plan in place, they obviously had no backups, no spare hardware.. no nothing. if they were prepared for 'the worst' they'd have everything up and running again in less than 24 hours.. but it's now TEN DAYS and counting.. and with no end in sight.

    1. Re: nuance, inc. is STILL DOWN by Anonymous Coward · · Score: 0

      So then, ransomware is good for jobs?

  12. Re:Stupid - need a paired key by Anonymous Coward · · Score: 0

    Once the private key is public, there is no more need for further payments. Obviously, this is just another scam, possibly by a different actor.

  13. $250,000 reward by gnasher719 · · Score: 1

    I would offer a $250,000 reward for the identification of the people responsible. And then every country in the world can decide whether taking them out is helping their national security.

    1. Re:$250,000 reward by Bill+Hayden · · Score: 1

      Hey, if the guys who created Petya want to be part of the Bitcoin/Dark-Web economy and all that it entails, it's only logical that they are fair game for the assassination market.

      --
      Protect your browser with the Force Safe Search add-on
    2. Re:$250,000 reward by Anonymous Coward · · Score: 0

      Ransom was an okay movie.

  14. It's obviously the Loch Ness monster by Anonymous Coward · · Score: 0

    He need abuh two-fiddy.

  15. I'm sure this will hurt my Karma even more. by mr_java66 · · Score: 0

    I would prefer to address this problem with bullets. Or at the very least HAND-CUFFS! We need to find these people, and arrest them! PRISON is the solution to theft.