A widespread ransomware attack dubbed Petya/Petrwrap, bearing a close resemblance to the WannaCry attacks earlier this month, hit devices in Spain, France, Ukraine, Russia and a few other countries on Tuesday. The victims of the attack have now been locked out of their devices because the hacker’s email account has been blocked.
The hacker behind the attack had an account on German email service Posteo, which has been disabled by the company.
In doing so, the company has locked the victims of the attack out of retrieving their data, as victims who have paid the ransom will no longer be able to receive the decryption key.
“We became aware that ransomware blackmailers are currently using a Posteo address as a means of contact. Our anti-abuse team checked this immediately and blocked the account straight away,” the email company stated.
The attackers demanded a ransom of $300 worth of Bitcoin from victims in exchange for the decryption key.
Although initial reports indicated that the malware strain had a close resemblance to the Petya ransomware, security experts at Avira and Symantec confirmed that the malware used the same EternalBlue exploit leaked by Shadow Brokers and used in the WannaCry ransomware attack.
“We do not tolerate the misuse of our platform. The immediate blocking of misused email accounts is the necessary approach by providers in such cases,” Posteo added.