The malware blocked computers and left a ransom note demanding $300 in bitcoin currency. It instructs victims to contact the hacker via email once they have sent the money, to get the key needed to decrypt their files and get the money back.
The hackers gave an email address hosted by the German Posteo service. However, Posteo has decided to block the account, leaving anybody who does pay the ransom without a way of letting the hackers know their details.
Do not pay the #Petya ransom. You will not get your files back. The email address used is blocked! @SwiftOnSecurity @thegrugq pic.twitter.com/NOzxLz0vul
— haveibeencompromised (@HIBC2017) June 27, 2017
"We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases," Posteo stated on Tuesday.
In an email to the tech website Motherboard, Posteo said, "Please make no speculations about how high the chances are to decrypt files locked by ransomware if you pay a criminal."
More than 30 victims are believed to have paid the ransom so far, although it is unclear whether their files were then decrypted.
Petya spreads using a similar method to the WannaCry virus which spread last month by attacking vulnerabilities in older Windows operating systems. Both viruses are derived from code known as Eternal Blue, which was developed by the NSA and leaked by the Shadow Brokers in April.
