Email provider closes Petya inbox, preventing victims from recovering files

Posteo, the email provider where Petya’s author hosts an inbox to handle victims of today’s massive ransomware outbreak, announced that it was shutting down the scammer’s email account: wowsmith123456@posteo.net.

The decision of the German email provider is devastating news for Petya victims, as they will not be able to email the Petya author in case they want to pay the ransom to retrieve the sensitive files needed for crimes. urgent matters.

This email address was crucial

This email address is displayed in Petya’s ransom note as the only way to contact the author of Petya. Victims have to pay the ransom and send an email with their Bitcoin wallet ID and infection key to the perpetrator.

Developer Petya will verify that the victim made a Bitcoin payment from the wallet ID sent by email and then provide a decryption code based on the ID provided by the victim.

With this email crashed, victims now face the incredible situation of losing access to files stored on their computers.

According to Posteo’s explanation, the author of Petya will not be able to access this email address, while victims will not be able to send new emails to the inbox wowsmith123456@posteo.net.

The email provider followed normal procedures

The email provider claims to have followed normal procedures in these types of abuse cases and closed this address early in the morning after learning it was part of a ransomware program, but before finding out it was part of the massive epidemic of Petya.

The company told Bleeping Computer it was in contact with the country’s Federal Office for Information Technology Security “to make sure we are responding correctly.”

Posteo also stated that it followed the procedures described in the End of ransom FAQ section. Unfortunately, these instructions were written for the victims, and not for the email providers whose infrastructure has been abused by the ransomware operators.

Under normal circumstances, law enforcement will not remove servers and email addresses used in ransomware operations, so as not to harm victims who wish to pay and recover data. Closing these servers and emails repeatedly worsens ransomware infections as some victims will not be able to recover valuable files.

The whole situation is akin to the WannaCry outbreak, when security products blocked access to the WannaCry killswitch domain, allowing the ransomware to spread further even after it was sterilized.

Article updated with comments from Posteo.

Bleeping Petya / NotPetya Computer Coverage:

Surprise! NotPetya is a cyber weapon. It is not ransomware

Petya Ransomware outbreak originated in Ukraine via contaminated accounting software

Vaccine, not Killswitch, found for Petya (NotPetya) Ransomware Outbreak

Email provider closes Petya inbox, preventing victims from recovering files

WannaCry Deja Vu: Petya Ransomware Outbreak wreaks havoc across the world


Source link

June J. Lopez

Leave a Reply

Your email address will not be published.