The hacker behind Wednesday’s global ransomware attack can’t get emails from those who met his demands because his account has been closed by the German provider.
When a Ransomware attack strikes, it can be costly in terms of lost business, possible fines for Privacy Act breaches, customers who lose faith in your ability to keep their information safe, and possibly a ransom paid to recover your data to an attacker who may sell your details to another hacker or look to attack you again in the future.
When those threats get compounded by the inability even to pay a ransom to recover your data, a bad situation can turn into a digital nightmare.
The Herald is reporting that the latest Ransomware attacker has had their email address shut down by their Internet Service Provider, meaning that they can’t send out the password allowing victims to unlock their data even if they make payment by Bitcoin.
The Insurance Industry has developed products that can pay to rewrite, repair and decrypt locked-up data held on the Computers, Drives and Cloud Services that we all now need to keep our businesses on track.
Contact RDi on 0800734677 to get a handle on the threats to your business and the solutions to them.
The Herald story is below.
Several Australian businesses including courier companies, legal firms and even Cadbury were involved in the Petya cyber attack, which demanded victims send bitcoin to a predefined address to have their files decrypted and then email the hacker with confirmation.
Once received, the hacker would send a 60-character code made up of letters and digits generated by the malware so they could unlock their files.
“If you see this text, then your files are no longer accessible, because they are encrypted,” the ransom message read.
“Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”
The hacker’s plan was flawless until email hosting company Posteo decided to close the account mentioned in the demands.
“Midway through today we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact,” the email provider wrote in a blog post on Wednesday.
“Our anti-abuse team checked this immediately – and blocked the account straight away. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases.”
This might have seemed like a good way to stop the hacker getting the extortion money; however, the move also means the victims now have no way of getting the decryption keys needed to unlock their files.
When asked about the negative repercussions of removing the chance for those caught in the hack to have their content retrieved, the email company said there was no evidence to suggest paying the ransom would have worked.
“Please make no speculations about how high the chances are to decrypt files locked by ransomware if you pay a criminal,” the company told Motherboard. The company did not respond to questions asking how victims can contact the hacker.
While it is still possible for money to be sent to the Bitcoin address, the blocked email will make it logistically impossible for the hackers to make good on their decryption promise.
The full story can be read here: