The emergence of a worldwide ransomware attack so soon after WannaCry is bad enough, but what's making matters worse is the fact that the victims can’t contact whoever’s responsible for NotPetya/PetyaWrap to decrypt their files. The reason: an email provider has closed the hacker's account.
The malware, which has already infected around 300,000 computers across the world, comes with a ransom note demanding $300 in Bitcoin to restore encrypted files.
To determine which victims have paid, the note asks them to email their Bitcoin wallet ID and a “personal installation key,” - a unique 60-character code generated by the malware that lets the hacker know which decryption keys to issues.
But German email service Posteo has now blocked the hacker’s email address, meaning it can no longer receive messages and the owner is unable to access it.
"Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, Posteo wrote in a blog post. "Our anti-abuse team checked this immediately – and blocked the account straight away. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases."
At last count, there had been 29 payments totaling $7497 sent to the Bitcoin address. With no apparent means of contacting the hackers, there now seems to be no point in paying the ransom.
Idiots...— MalwareHunterTeam (@malwrhunterteam) June 27, 2017
Blocking email won't stop infections, but it will make victims surely not get back files even if they wanted to pay.
Posteo has been criticized for closing the email account. But in an email to Motherboard, it says there were no guarantee the hacker ever intended to decrypt the affected files. "Please make no speculations about how high the chances are to decrypt files locked by ransomware if you pay a criminal," it wrote, without addressing how victims could now contact the attacker.
Countries in Russia and Europe, including the UK, Ukraine, Spain, and France, have been hit hardest by the ransomware, but it has now reached the US. Drug maker Merck, law firm DLA Piper, and Heritage Valley Health Systems are among those that have been infected.