07-08-2017 , 08:34 PM
‘NotPetya’ ransomware creators move £8,000 in bitcoin, leaving observers uncertain over the attack’s motive
![[Image: 4000.jpg?w=620&q=55&auto=format&usm=12&f...bfeb9fdd21]](https://i.guim.co.uk/img/media/42d746d9f528945f79a276414cda27efa4309851/0_186_4000_2400/master/4000.jpg?w=620&q=55&auto=format&usm=12&fit=max&s=b9a9a8c835f7847ccb4894bfeb9fdd21)
The bulk of the ransom money, £7,872 worth of bitcoin, was transferred to a second wallet on Tuesday night.
The hackers behind the NotPetya ransomware, which wiped computers in more than 60 countries in late June, have moved more than £8,000 worth of bitcoins out of the account used to receive the ransoms.
The transfer has added credence to messages purporting to be from the attackers offering to decrypt every single infected computer for a one-off payment of £200,000, after security researchers suggested they may be state-sponsored actors.
It is possible to see the movement of the ransom payments thanks to the public nature of the bitcoin currency: all transfers are recorded on the public blockchain, although the real-world identities of the individuals or organisations behind a particular payment address can be near-impossible to discern.
Currently, the blockchain records that the bulk of the ransom money, £7,872 worth of bitcoin, was simply transferred to a second wallet on Tuesday night, but two smaller payments, of £200 each, went to accounts used by two text-sharing websites, Pastebin and DeepPaste.
Around 10 minutes before the payments were made, someone made posts on both those sites claiming to be able to decrypt hard disks infected with the malware in exchange for a payment of 100 bitcoins.
Full Article
The bulk of the ransom money, £7,872 worth of bitcoin, was transferred to a second wallet on Tuesday night.
The hackers behind the NotPetya ransomware, which wiped computers in more than 60 countries in late June, have moved more than £8,000 worth of bitcoins out of the account used to receive the ransoms.
The transfer has added credence to messages purporting to be from the attackers offering to decrypt every single infected computer for a one-off payment of £200,000, after security researchers suggested they may be state-sponsored actors.
It is possible to see the movement of the ransom payments thanks to the public nature of the bitcoin currency: all transfers are recorded on the public blockchain, although the real-world identities of the individuals or organisations behind a particular payment address can be near-impossible to discern.
Currently, the blockchain records that the bulk of the ransom money, £7,872 worth of bitcoin, was simply transferred to a second wallet on Tuesday night, but two smaller payments, of £200 each, went to accounts used by two text-sharing websites, Pastebin and DeepPaste.
Around 10 minutes before the payments were made, someone made posts on both those sites claiming to be able to decrypt hard disks infected with the malware in exchange for a payment of 100 bitcoins.
Full Article