The anonymous creator of the “Petya” ransomware that has been used to attack computer systems since 2016 resurfaced Wednesday to offer their help combatting a new global malware epidemic that’s based in part on the original Petya code.
Ransomware like Petya typically encrypts data or renders a computer inoperable until the victim pays money or completes another action — the “ransom.”
But the new attack that has ravaged systems in the United States and Europe since earlier this week, dubbed “NotPetya” for its similarity to the ransomware, is believed to only pose as ransomware while it destroys data.
Janus Cybercrime Solutions, the name used by Petya’s original creator or creators, tweeted that it was “havin a look” at NotPetya and was seeing whether it could be cracked.
It’s not clear whether NotPetya is similar enough to Petya for the original ransomware’s creator to hinder its spread, if they wanted to.
There are currently arguments over whether the malware is sufficiently similar to Petya to be called a Petya variant, a debate that prompted the “NotPetya” name.
NotPetya requires users to pay the ransom and email an identification code to the attacker to retrieve a system’s unique decryption key, according to a Thursday report from Russian cybersecurity firm Kaspersky Lab. But the identification code displayed by the malware is fake, randomly generated and not connected to the actual identification code a user would need to get a decryption key.
On Wednesday, Comae Technologies founder Matt Suiche reported that the master boot record was effectively deleted by NotPetya and that the damage was not reversible. Both Kaspersky and Suiche concluded that NotPetya was not actually ransomware. Instead, it’s believed to be a wiper, malware designed to wipe hard disks.