Yesterday a major NotPetya ransomware attack caused panic across the globe. The attackers asked for a ransom from their victims in the form of Bitcoins. While it isn’t as easy to track the cyber-criminals in person, the email ID associated with their Bitcoin account was blocked by the email ID’s provider, German-based company Posteo. Now NotPetya Ransomware victims are unable to decrypt their Files even after made the payment as the Email Provider has shut down the attackers’ Inbox!
Posteo’s effort towards blocking the email ID of the attackers was a noble motive and perhaps will become a precedent for such cases as now the hackers do not have any access to the Bitcoins they received, nor their email ID’s. But this has created a problem for the victims who may have even paid up the ransom amount!
“We do not tolerate any misuse of our platform: The intermittent blocking of abused mailboxes is a normal procedure of providers in such cases.”
However, on the positive site, it would prevent further abuse of IT systems. Since the attackers have no means of contacting the victims, they would not be able to demand the ransom. Furthermore, they might probably not attack systems further since it would be of no profit to them.
Jason Truppi, director at IT firm Tanium, commented on the issue,
“This actually creates some interesting conversation: What is the obligation for a provider to keep it up, right? Is it be better to keep it up and let people get their files back—or is it better to keep it down and stop future attackers from thinking that they’re going to get money. I think it’s probably better to keep it up, to be honest.”
The attacks were reported in Ukraine first. Other than affecting IT firms in the country, it attacked a main pwer station and the main airport at Kiev. The ransomware can also infect personal systems and encrypt files. A silver lining to the dark cloud is the fact that a Vaccine has been found for the NotPetya ransomware. Vaccinate your computer to keep it safe!