Email Provider Shuts Down Petya Inbox Preventing Victims From Recovering Files

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
...some quotes from the article:

Posteo, the email provider where the Petya author is hosting an inbox to handle victims from today's massive ransomware outbreak, has announced that it shut down the crook's email account: wowsmith123456@posteo.net.


The German email provider's decision is catastrophic news for Petya victims, as they won't be able to email the Petya author in the case they want to pay the ransom to recover sensitive files needed for urgent matters.

This email address was crucial
This email address is displayed in Petya's ransom note as the only way to contact the Petya author. Victims have to pay the ransom and send an email with their Bitcoin wallet ID and infection key to the author.
The Petya developer will verify that the victim made a Bitcoin payment from the emailed wallet ID, and then supply a decryption code based on the victim's supplied ID.

With this email down, victims are now facing the incredible situation of having lost access to files stored on their computers.
Based on Posteo's explanation, the Petya author won't be able to access this email address, while victims won't be able to send new emails to the wowsmith123456@posteo.net inbox.
Click to expand...


Email provider followed normal procedures
The email provider says it followed normal procedures in these types of abuse cases and shut down this address early in the morning after it learned it was part of a ransomware scheme, but before it found out it was part of the massive Petya outbreak.

The company told Bleeping Computer it is in contact with the country's Federal Office for Security in Information Technology "to make sure that we react properly."
Click to expand...

In normal circumstances, law enforcement won't take down servers and email addresses used in ransomware operations, as not to hurt victims that want to pay and recover data. Shutting down such servers and emails aggravates ransomware infections many times over, as some victims won't be able to recover precious files.
Click to expand...
 
  • Like
Reactions: In2an3_PpG, HarborFront and silversurfer
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
Hive ransomware disrupted after FBI hacks gang's systems
Replies
1
Views
677
News Archive
upnorth
upnorth
snadge
Advice Request Infected Inbox, dodgy threat emails
Replies
7
Views
783
General Security Discussions
snadge
snadge
Kongo
    • +Reputation
    • Like
The State of Ransomware 2023 | Sophos News
Replies
1
Views
1,899
News Archive
HarborFront
H

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top