Hackers Linked to NotPetya Ransomware Decrypted a File for Us

Image: November27/Shutterstock
The hackers successfully decrypted a file provided by Motherboard, but that does not necessarily mean victims will be able to get their files back.

By Joseph Cox, Lorenzo Franceschi-Bicchierai | MOTHERBOARD

Hackers linked to the crippling NotPetya ransomware attack, which encrypts files on infected machines, have proved to Motherboard they have the ability to decrypt some locked files.

Security researchers have spent much of the last week debating whether victims of NotPetya will ever get their files back, with many arguing that the malware was designed to cause disruption rather than generate funds.

After resurfacing online on Wednesday, hackers connected to the NotPetya ransomware are now offering to release a key they say would unlock all files affected by the malware for 100 bitcoins (worth roughly $250,000). The hackers didn’t publicly specify where to send the money, but told Motherboard that victims could pay to a new bitcoin wallet unaffiliated with the one that individual users have been paying ransom to until this week.

The successful decryption of a test file makes the NotPetya case even more puzzling. If the hackers didn’t really want to return files in the first place, why resurface? Either way, since the ransomware appears to damage disks for some victims, even if the hackers provide a decryption key, some victims may not be able to save their files anyway.

read more