NotPetya ransomware has been creating havoc for some time now, and new information about it is coming out on a daily basis. Reportedly, NotPetya is active primarily in Ukraine and has shown its presence almost all around the globe. Recently, a new story came up: the bitcoin sent by one of the victims for the NotPetya decryption key has been moved from the online wallet, and now an anonymous member of the group is asking for money.
The reports of NotPetya first came on 28th June, when a Ukrainian financial company got infected with it; it later hit several other companies, notably the international law firm DLA Piper which is a UK based advertising company. Interestingly, the cyber-criminals behind NotPetya didn’t set it up in a way that makes it easy for victims to pay the ransom money. Many security researchers concluded that the main aim of NotPetya is to wipe computers and that it is much more than a normal ransomware. The actual purpose is to wreak havoc, and the attackers didn’t bother much about the ransom.
Recently, research showed that the bitcoin wallet they were using to receive ransom payments was emptied. Reportedly, more than $10,000 was moved to different wallets. Next, the author asked for roughly $256,000 in exchange for the decryption key for any files encrypted by NotPetya. They didn’t provide an address to deliver the payment to; however, they did provide a link to a dark-web chatroom. This is probably the first time since this ransomware outbreak that whoever is in control of the NotPetya wallet has moved the money. Now the researchers and law enforcement have a new puzzle to scratch their heads over.