Yesterday’s massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware’s author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account.
As a result, victims who want to pay to get their data back have no way to do so, and will likely never see their files again (unless a defect in the Petya encryption tool is discovered and leveraged to provide a decryption tool).
“Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact,” Posteo wrote in a blog post. “Our anti-abuse team checked this immediately – and blocked the account straight away. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases.”
Just to be super-clear, Posteo clarified, “Since midday it is no longer possible for the blackmailers to access the email account or send emails,” and “Sending emails to the account is no longer possible either.”
Info on the PetrWrap/Petya ransomware: Email account in question already blocked since midday
[Posteo]
Hacker Behind Massive Ransomware Outbreak Can’t Get Emails from Victims Who Paid
[Joseph Cox/Motherboard]