NotPetya, 2017's second massive ransomware attack, which affected computers all over the world, continues to pose a puzzle, mainly due to the apparently erratic behaviour of hackers allegedly linked to the attack.
Earlier in the week, hackers believed to be associated with the NotPetya attacks reportedly resurfaced to clean out their bitcoin wallet.
Hours before the bitcoin wallet tied to NotPetya was emptied, a new message reportedly appeared demanding that victims pay 100 bitcoins ($255,000, £197,000) in exchange for a private key that allegedly decrypts all files encrypted with the NotPetya ransomware.
Motherboard reported that although the message failed to specify where victims could send their money, the hackers have set up a new bitcoin wallet not associated with the one that was previously collecting ransoms.
It was also reported that some of the hackers associated with NotPetya successfully decrypted a 200KB Word file as proof that they are in possession of a decryption key.
This only further obscures the matter, given that several security experts previously indicated that the motive of the attacks was not to make money but to create havoc.
Researchers previously found that NotPetya was not regular ransomware but functioned as wiper malware, meaning that encrypted files were destroyed and could not be decrypted.
Despite the hackers now having reportedly decrypted a file, researchers are still of the opinion that this may not be enough evidence that all NotPetya-encrypted files can now be recovered.
Matt Suiche from Comae Technologies told Motherboard that he suspects that the hackers are "trolling" or attempting to confuse security researchers and journalists.
"They already f***ed people even if they release the private key," Suiche said. "They already put people in a situation where they can't recover their files and data even if the private key is released."