The cybercriminal/ cybercriminals that allegedly created the original Petya ransomware strain is reportedly back after a six-month-long silence. The ransomware author/authors, going by the pseudonym Janus, reappeared on Twitter following the global NotPetya ransomware attacks and claimed to want to help victims of the recent attack in unlocking their encrypted files.
In a tweet, Janus indicated that he might be in possession of a master decryption key, which could possibly work with the new Petya variant. In the event that the decryption key worked with the new variant, victims of NotPetya would be able to decrypt and gain back access to their files.
Janus sold Petya, which was designed much like other ransomware variants, as a Ransomware-as-a-Service (RaaS) in 2016, the HackerNews reported. Since Petya was sold as a RaaS, any cybercriminal could potentially have bought the ransomware's code to launch attacks or alter the code to then leverage it in new attacks.
However, security experts say NotPetya is not a regular ransomware, instead, it is now widely considered to be a wiper malware, designed to cause destruction, rather than make money for its creators. Since NotPetya is not like a traditional ransomware, this could also mean that even if Janus' intentions to help victims are legitimate and he/they do possess a master decryption key, it may not make much of a difference.
To find out more about the possible motives of the NotPetya hackers and how much money they've made so far, click here.