Presumed GoldenEye hackers surface online demanding $260,000 for decryption keys

The hackers behind the GoldenEye/Petya ransomware gave the first signs of life since the outbreak by posting new ransom demands, along with a signature for the malware’s private key, as evidence that they are the ones behind the June 27 attack. Their new demands? 100 Bitcoins worth $258,000.

Around 10 PM (UTC) yesterday, the roughly $10,000 in the bitcoin wallet associated with GoldenEye was moved to a different wallet. Two small donations were also made to the bitcoin wallets of Pastebin and DeepPaste, sites hackers use to make anonymous announcements.

According to separate sources who verified the identity of the authors, the hackers” new demand is now 100 BTC in exchange for the decryption key to unlock files encrypted by the GoldenEye/Petya ransomware.

In an interview conducted on a Dark Web chatroom with the presumed hackers, the guys at Motherboard learned that the demand was so steep because the key was allegedly capable of decrypting “all computers” infected with GoldenEye/Petya. The key, however, would not decrypt entire hard drives, as the ransomware used a separate key for entire-volume encryption, to prevent infected systems from booting their OS.

Experts believe the 100 Bitcoin demand is an attempt at further confusing the media, and cybersecurity firms, deflecting attention from what is believed to be a state-sponsored attack.

The consensus among security researchers is that GoldenEye/Petya was merely “dressed up” as ransomware, when the real purpose was to wipe data and cause havoc.