back to article 'Janus' resurfaces: I was behind the original Petya. I want to help with NotPetya

A Twitter user purporting to speak for the cybercrime group behind the original Petya ransomware has claimed they want to help "repair" the damage caused by this week's attack. The Twitter account Janus Cybercrime Solutions (@JanusSecretary), which went dark for a time after the original Petya outbreak, was reactivated on …

  1. Naselus

    Reputation repair work

    The thing about ransomware is, you need a bond of trust between the writer and the victim. That's why they often have first-rate helpdesks to talk people through their extortion experience.

    NotPetya has tarred the Petya brand - the install key that the new malware offers is completely random, and so it would not be possible to recover the files even if the email account attached hadn't been shut down. So yeah, it's not surprising that the actual Petya crew want to help clean this up - otherise, no-one will trust them enough to pay the ransom during any future attacks.

    1. Anonymous Coward
      Anonymous Coward

      Re: Reputation repair work

      Maybe that was the plan all along.

      Some spurned ransomware crook got shafted, he took the code and made this nasty piece of work we saw this week to screw over those who shafted him. Knowing that the "trust" will be completely wrecked, some people ( note a small miniority ) will finally learn from this and be better prepared. OK, so if this theory has any validity we have to acknowledge that this person or persons would have cut their nose to spite their face but we're not talking about people with much in the way of morals here, if something needs to be done they will do it.

  2. Doctor Syntax Silver badge

    "Regular ransomware authors must be terribly frustrated that NotPetya did damage to their reputation of 'pay and you'll get your files back'," joked Martijn Grooten

    I'm not sure that was a joke. For ransomware to work victims have got to trust they'll get their files back. So, odd though it might seem, victims need to rely on crooks being honest. A few episodes like this and the entire ransomware business model is destroyed. "Frustrated" probably understates it by an order of magnitude.

    However, the assumption that it wasn't intended to be ransomware without further evidence violates the principle of never attributing to maliciousness that which can be attributed to stupidity and underestimates criminals' aptitude for screwing up.

    1. pleb

      Malicious or stupid?

      Regardless of the malicious/stupid question, the fact remains that this incident degrades the ransomware business model. It will be interesting (well, except for those involved) to see how this plays out over the longer term. Will it reduce the incentive to launch genuine ransomware attacks? Will those latent efforts simply dissipate, or will they resurface in other forms of financially motivated cybercrime?

      1. Shane McCarrick

        Re: Malicious or stupid?

        Honestly-

        Its going to make it a sinch for data/system recovery people to come along and sell their wares - in lieu of people paying to have their systems restored. I.e. Why pay a cyber criminal 600 quid to get your system back- when John-joe up the road will get you up and running again for half that- and can now sell his services with the by-line, that you could be wasting your cash handing it over to the cyber-criminals- who may or may not do anything for you- whereas worst case scenario for John-joe is he'll restore your o/s and systems- he may or may not restore your data (depending on whether or not its encrypted and/or over-written)- however, you'll get something for your money from John-joe, but you may get nothing at all from the Ruskies........

  3. Baldrickk Silver badge

    Regular ransomware authors must be terribly frustrated

    One almost wonders if this is a (roundabout) way of making people wary of paying for decrypts after ransomware attacks.

    If people don't pay ("I'm not going to get my files back anyway") then it breaks their income model, which might reduce the threat of ransomware (not profitable enough)

    Though it is a poor way of doing it if so - it's destructive, and they'll just go onto whatever else can make them money...

    1. DougS Silver badge

      Re: Regular ransomware authors must be terribly frustrated

      Some sort of a grey hat hacker making ransomware unprofitable in the future, at the cost of damage being done now? Arguably that would be justifiable on the "greater good" measure over the long run, but if the courts catch up the perp(s) I doubt they'd see it that way - and those affected today definitely would not...

  4. Anonymous Coward
    Anonymous Coward

    You also have to wonder what these criminal ransomware gangs are going to do when/if this attack gets properly attributed. Popcorn anyone?

    1. Frank Marsh

      Concrete shoes

      That's what I'm wondering. Many of these criminal gangs don't restrict their operations solely to the ether.

  5. david 12 Silver badge

    "An antidote might yet be developed"

    ?? Like this ??

    http://www.telegraph.co.uk/technology/2017/06/28/security-researcher-creates-vaccine-against-ransomware-attack/

    Or is there confusion about which attack is which?

    1. phuzz Silver badge

      Re: "An antidote might yet be developed"

      That's only a partial antidote. It prevents the encryption/wipe routine from running, but it doesn't stop the malware from trying to compromise and spread to every other computer it can see. If you've not created the perfc.dll on every single vulnerable computer on the network then you're going to lose some data.

      Plus it's a pretty trivial thing for the authors to fix, so it might not work for much longer.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019