NotPetya bitcoin wallet emptied, posts 100 bitcoin fee for decryption key

The hackers behind last month's NotPetya ransomware attack seemingly removed about $10,000 from the bitcoin wallet where ransom payments were deposited, however, the move has created more questions than answers.

The latest move in the saga that started on June 28 when NotPetya began spreading saw the bitcoins removed from one wallet and then redeposited into another wallet, according to Motherboard. The $10,000 withdrawal emptied the original wallet, according to Bleeping Computer.

Another oddity that took place at about the same time was the posting on PasteBin and DeepPaste of a note by a group labelled #Petya.A #NotPetya claiming to the behind the ransomware attack and saying that for 100 bitcoins, about $256,000, it would send a key to “decrypt any harddisk”. It also moved a small amount of bitcoin into the wallets associated with PasteBin and DeepPaste, several published reports stated.

A chatroom link is provided in the message for interested parties to contact the group, and if nothing else, the people involved are somewhat chatty.

Bleeping Computer and Motherboard each “spoke” with a supposed representative. Motherboard attempted to see if the offer was real, but did not hear back from the group after the initial contact was made. Bleeping Computer attempted to ask questions about the attack last week, but was not given any responses.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.