Skip to main content

Petya ransomware attackers can no longer receive emails from victims

(Image credit: Image source: Shutterstock/Sergey Nivens)

Businesses worldwide have been affected by a new ransomware attack called Petya which bears resemblance to last month's WannaCry attack.    

Once the malware infects a system, it then restarts the computer and demands that the user pay $300 in bitcoin to unlock their encrypted files.  However, while WannaCry and other strains of ransomware had each affected user pay the ransom to a separate bitcoin wallet, Petya has instructed users to pay by emailing their payment information. 

In order to unlock their files, victims of the attack were instructed to pay $300 in bitcoin and then email their bitcoin wallet ID as well as their personal installation

The hackers behind this latest attack decided to use the German email provider Posteo which quickly decided to block the attacker's account.  Victims then had no way to pay to unlock their files and the attacker had no way of collecting the ransom their malware was designed to obtain.    

Posteo explained how it responded to the news that those behind the Petya ransomware attack were using its email services to collect payment from their victims in a blog post, saying: 

“Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo addresss as a means of contact.  Our anti-abuse team check this immediately – and blocked the account straight away.  We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts in the necessary approach by providers in such cases.” 

Image Credit: Sergey Nivens / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.