In addition, they found that the developers intentionally made it hard for victims to pay. First, they used a single Bitcoin address to receive payments. You'd think criminals expecting to get a lot of money from their victims would use several Bitcoin wallets to make processing a lot faster. They also required victims to email them with a long string of characters that they have to manually type if they want to access their PCs again. The kicker? The email address doesn't even work anymore*.
That's probably for the best, because as the researchers said, there's no hope of getting their data back even if they pay. However, there seems to be some disagreement when it comes to the malware's -- dubbed PetyaWrap, NotPetya and ExPetr, because it's now obvious that it's not the same Petya ransomware that was first seen in 2016 -- true nature.
MalwareTech disagrees with the assessment that it was intended to be a wiper, since it only destroys the first 25 sectors of the disk. Those sectors are essential, but they're also apparently empty in any standard Windows installation. It's a bit hard to believe the cyber criminals didn't know that. The security researcher agrees, though, that the hackers never intended to make money with their creation:
The questions that must plaguing everyone's minds now are "Who did it?" and "Why?" We still don't have an answer to that, but Ukrainian cybersecurity firms and government agencies think what happened was a state-sponsored cyberattack meant to wreak havoc on Ukrainian institutions. When asked whether he believes that the state sponsor is Russia, Roman Boyarchuk, the Center for Cyber Protection chief in Ukraine, replied: "It's difficult to imagine anyone else would want to do this."
*Update: We were told the email address doesn't work, because the provider shut it down.