Petya is the most dangerous computer attack of 2017, it was launched last week by a company from Ukraine, but people and companies from dozens of countries were affected. A week after the release of Petya, the group of hackers responsible for the attack made a first public announcement, offering for sale the key to decrypt the encrypted data in the infected computers.
Petya has left many companies with infected computers unable to recover data, and hackers are demanding 100 bitcoins to provide the decryption key. The value in dollars is $250.000, at current exchange rates, so the hackers behind Petya would get a nice sum, but small compared to what they probably received to start the attack.
Petya was categorized as a ransomware attack, which encrypts data and asks for money to decrypt it, but many experts said that the real reason for its launch would be the deletion of data and the infection of government institutions or companies. The message also contains a file signed with Petya, confirming the fact that it really comes from the people who launched this extremely dangerous attack.
Petya – The colossal amount demanded for decryption
Petya was thought in such a way that some boot files ale Windows were deleted, so the total recovery of the files is impossible, although some can be decrypted without problems. This is why Petya's decryption key is very important, as it could save many people from losing data from computers that were infected last week.
Petya has so far only generated $10.000 for the hackers who collected the money received from victims who wanted to quickly recover their encrypted data. Considering that we are talking about bitcoin, the accounts where the Petya hackers transferred the money will never be discovered, otherwise the decryption keys could have been obtained for free for the whole world extremely quickly.
"Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks). See the attached file signed with the key"
Petya generated a small amount for hackers, considering the number of government institutions and companies infected, so a request of this kind would be logical. Of course, it comes after most of the companies infected by Petya have resumed their activity, so it's hard to say who will pay such a large amount of money to de-encrypt the data from their own infrastructure.
Petya also led to the confiscation of the servers of the Ukrainian company from which the attack started, the authorities are now trying to discover the source of the infection and who they can hold accountable.
