Two minutes later, they sent $316 to an address owned by PasteBin, which also allows users to post messages anonymously and is accessible on the normal internet.

Shortly before those transactions occurred, the hackers had posted the aforementioned message on both of those sites, offering to sell a master decryption key for 100 bitcoins, or roughly $260,000 USD. The hackers presumably sent the payments to prove the messages were genuine.

About 35 minutes later, the remaining bitcoins were moved to another account, and have stayed there since:

Security researchers have continuously speculated that the Petya/NotPeta attack was politically motivated and not about the money. The Ukrainian government has accused Russia of masterminding the attack. Russia has denied any involvement.

That funds have now been moved out of the original account may suggest something about the identity of the hackers, but it’s not yet clear what that is. It could just as easily be a government attempting to throw off investigators as an independent hacker or group trying to make a quick buck. And although the virus hit large companies around the world—including the British advertising agency WPP, the Danish shipping and oil group Maersk, and the pharmaceutical giant Merck in the United States—it’s likely far too late to expect any of those companies, or anyone, to pay $260,000 for the master key.

📬 Sign up for the Daily Brief

Our free, fast, and fun briefing on the global economy, delivered every weekday morning.