No decryption in NotPetya ransomware virus

There's no chance of getting your files back after the email company blocked the address. Photo / Getty

The hacker behind Wednesday's global ransomware attack can't get emails from those who met his demands because his account has been closed by the German provider.

Several Australian businesses including courier companies, legal firms and even Cadbury were involved in the Petya cyber attack, which demanded victims send bitcoin to a predefined address to have their files decrypted and then email him with confirmation.

Once received, the hacker would send a 60-character code made up of letters and digits generated by the malware so they could unlock their files.

"If you see this text, then your files are no longer accessible, because they are encrypted," the ransom message read.

"Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

The hacker's plan was flawless until email hosting company Posteo decided to close the account mentioned in the demands.

"Midway through today we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," the email provider wrote in a blog post on Wednesday.

"Our anti-abuse team checked this immediately - and blocked the account straight away. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases."

This might have seemed like a good way to stop the hacker getting the extortion money, however the move also means the victims now have no way of getting the decryption keys needed to unlock their files.

When asked about how the negative repercussions from removing the chance for those caught in the hack to have their content retrieved, the email company said there was no evidence to suggest paying the ransom would have worked.

"Please make no speculations about how high the chances are to decrypt files locked by ransomware if you pay a criminal. The company did not respond to questions asking how victims can contact the hacker," the company told Motherboard.

While it is still possible for money to be sent to the Bitcoin address, the blocked email will make it logistically impossible for the hackers to make good on their decryption promise.