HACKERS connected with last week’s devastating NotPetya cyber attack have offered help — but it comes at a price.
HACKERS connected with the ransomware that devastated overseas banks, power stations, and even Cadbury factories in Australia last week have issued a new ransom demand — and it’s for much more money than before. The new ransom note was published in two places on the Dark Web and demanded a payment of 100 Bitcoins, or about $340,000, in return for a private security key that could decrypt any file locked by the Petya/Goldeneye malware. The hackers even opened a chat room and offered to decrypt one file for potential buyers as proof that the key would work, though it’s not clear whether this was a bluff.
The demand was a significant increase on the ransomware’s initial request for just less than $400 in Bitcoin when the malware was launched in the Ukraine last Tuesday before rapidly spreading through computer networks worldwide. Bitcoin transactions show its creators were able to access more than $13,000 paid by victims, however, even though their email address was suspended by its German provider. It’s not known whether victims who paid the ransom received a security key to unlock their files.
The dangerous ransomware affected as many as 16,000 computers in 64 countries, according to security firm Clavister, and crippled the operations of several European companies. Some Australian businesses were also affected through their international connections, including Cadbury factories in Tasmania and Victoria, TNT Express courier services, and the offices of law firm DLA Piper.
The demand for money came amid growing speculation that the ransomware was not designed to make a profit, but was a form of digital terrorism or industrial espionage. ESET senior research fellow Nick FitzGerald said the Petya malware was designed to kill computers first, and ask for money second. “(Being ransomware) was a mechanism to help hide the trail of a gang of cyber terrorists or spies,” he said. Mr FitzGerald advised victims not to pay any ransom as there was very little chance they would be able to unlock their files.
A new form of ransomware has emerged which is, unusually, being distributed by two separate exploit kits -- one of which was thought to have disappeared -- and demands payment in a lesser-known form of cryptocurrency. First seen on January 26, GandCrab has been spotted being distributed by two exploit kits, RIG EK and GrandSoft EK. According to researchers at security company Malwarebytes, it's unusual in itself for ransomware to be pushed using an exploit kit, with such tactics usually reserved for trojans and coin-miners. An exploit kit is used by cybercriminals to take advantage of vulnerabilities in systems in order to distribute malware and perform other malicious activities. In contrast, ransomware is usually delivered by spam email. The only other form of ransomware known to be consistently distributed with an exploit kit is Magniber.
GandCrab is distributed via the RIG exploit kit, which uses vulnerabilities in Internet Explorer and Flash Player to launch JavaScript, Flash, and VBScript-based attacks to distribute malware to users. It's possible that RIG spreads GandCrab to victims using malvertising on compromised websites, in an attack method similar to that used by Princess ransomware. GandCrab is also distributed using GrandSoft, an exploit kit which first appeared in 2012, but was thought to have disappeared. The GrandSoft EK takes advantage of a vulnerability in the Java Runtime Environment which allows attackers to remotely execute code, and in this case is used to distribute GandCrab.
Once the payload has been dropped and run on a compromised system, GandCrab, for the most part, acts like any other form of ransomware, encrypting Windows files using an RSA algorithm and demanding payment for the 'GandCrab Decryptor' required to unlock the files. The encrypted files gain a .GDCB extension, with the encryption loop designed in such a way it will eventually affect every file on the drive.
However, unlike many forms of ransomware, GandCrab doesn't demand payment in bitcoin, but rather in a form of cryptocurrency called Dash. Those behind the ransomware demand 1.5 Dash (listed on the note as $1,200, although the fluctuating prices mean it's ever changing) as a ransom, a price which doubles to three Dash ($2,400) if the price isn't paid within a few days. The demand for payment in Dash represents the latest example of ransomware distributors attempting to move away from bitcoin and onto other cryptocurrency, for reasons ranging from increased privacy and security to other forms of blockchain-based virtual currency being less popular than bitcoin and therefore quicker to process.
There's currently no means of decrypting GandCrab ransomware files for free, meaning the best way to avoid falling victim is to apply all software updates and patches so that the vulnerabilities exploited by the exploit kits can't be used to distribute ransomware from infected sites.