Petya ransomware victims won’t be able to contact hackers; Posteo blocks blackmailers’ email

By @chelean on
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Reuters/Kacper Pempel/Illustration

The hackers behind the global ransomware outbreak would not be able to receive emails from victims who paid the bitcoin ransom. German email provider Posteo has decided to block the attackers’ account after learning of the Petya cyber attack. This also means the victims would not be able to contact the hackers for their decryption code.

On Wednesday, the Petya ransomware infected Ukrainian websites, including those of state-owned firms, ministries, businesses, banks and electricity companies. There were also cases reported in France, Germany, the United Kingdom, United States, Italy, Poland, Russia and even Australia. The victims were sent a message demanding they send US$300 (AU$392) worth of bitcoin to an address and email the hackers so they could have their files decrypted.

“If you see this text, then your files are no longer accessible because they are encrypted,” the text reads. “Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

Victims willing to pay the amount might still not be able to salvage the files the hackers encrypted. Posteo said that its anti-abuse team blocked the account of the ransomware blackmailers immediately upon learning that they were using a Posteo email.

“We do not tolerate the misuse of our platform. The immediate blocking of misused email accounts is the necessary approach by providers in such cases,” the email provider said. It added that it is no longer possible for the "PetrWrap/Petya" blackmailers to access the email account or send emails, or for them to receive emails using the account.

Posteo deactivating the blackmailers’ account also means their victims would have no way to unlock their files. Critics say that blocking the email would not only fail to stop the attack, but also make sure the victims would not be able to decrypt their infected files.

The email company, however, said that there’s no guarantee the blackmailers would honour their promise once they were paid. “Please make no speculations about how high the chances are to decrypt files locked by ransomware if you pay a criminal,” it said in an email to Motherboard.

It declined to say how victims can contact the hackers now that the email provided was deactivated. Victims can still pay the hackers the ransom money through the bitcoin address provided, though.
