Crime Group Behind ‘Petya’ Ransomware Resurfaces to Distance Itself From This Week’s Global Cyberattacks – Gizmodo
Janus Cybercrime Solutions, the author of Petya—the ransomware initially blamed for Tuesday’s global cyberattacks—resurfaced on Twitter late Wednesday, seemingly offering to help those whose files can no longer be recovered.
The altruistic gesture, even if it does prove fruitless, is uncharacteristic of the criminal syndicate that launched an underworld enterprise by placing powerful exploits in the hands of others to deploy as they see fit. It may also simply indicate that Janus would prefer not to be tagged with the spread of “NotPetya”—so named by Kaspersky Lab, which has itself sought to differentiate between Janus’ ransomware and that which worked havoc across Europe this week.
There’s consensus now among malware experts that NotPetya is actually a wiper—malware designed to inflict permanent damage—not ransomware like Petya, which gave its victims the option of recovering their data for a price.
The earliest analysis of this was offered on Tuesday by security researcher the grugq, who wrote: “The superficial resemblance to Petya is only skin deep. Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware.’”
In a tweet late Wednesday, the public face of Janus came to life after seven months of silence, suggesting that files locked by NotPetya might be recovered using a Janus private key. At time of writing, they’ve yet to elaborate any further.
In early 2016, Janus launched a darknet website based on a black-market business model called Ransomware-as-a-Service (RaaS). Simply put, they offered other criminals access to a sophisticated ransomware-distribution platform. Its customers, after paying a nominal registration fee, could use the platform and in exchange Janus received a cut of all ransom paid. The customers tracked infection rates via a simple web interface, which also allowed them to adjust the ransom amounts. Janus, which has presented itself as a “professional cybercriminal” organization, even offered technical support, mitigating bug reports and fielding requests for new features to its beta platform.