The group behind the Petya ransomware, which led to a global outrage and whose ill effects in India were seen on the terminals of JNPT (Jawaharlal Nehru Port Trust), has made its first public statement. The announcement was left on DeepPaste, a Tor-only announcement service. In the message, the creators of the Petya ransomware demand 100 Bitcoins in exchange for their private key, which can be used to decrypt any hard disk. The total amount at current rates is equivalent to $250,000.
The Petya ransomware attack occurred on the night of 27 June 2017 and mainly affected European countries. It also disrupted a few businesses in the United States. Rosneft, the biggest oil firm in Russia, was affected by the ransomware. When the source of the attack was traced, it was revealed that the hackers used a leaked piece of code developed by the US National Security Agency.
The fact that the message includes a file signed with Petya’s private key proves that the message came from the same group that was responsible for the Petya ransomware. It is also clear that the person who left the message has the private key required to decrypt the individual files. The private key can be used to recover individual files, but the infected systems cannot be recovered entirely, as the virus permanently deleted some boot-level files. The link to a chatroom where the authors of the malware discussed the offer has not been active.
It is still unclear whether any affected user has paid the ransom, although a bitcoin transaction of that size has not been recorded yet. The payouts from the first round of Petya infections summed up to around $10,000. There were two small donations to PasteBin and DeepPaste, and the rest of the amount was transferred to an unknown account.