The perpetrators of a recent cyber-attack that disrupted businesses across the world appear to have accessed the ransom payments they raised.
Just over £7,900-worth of virtual currency has been moved from the Bitcoin address listed in the blackmail demand that appeared on hacked PCs.
One expert said there was little doubt the funds had been tapped by those responsible for the crime.
And it seems they have now made a fresh ransom demand.
However, analysts suggest the move is intended to confuse investigations into the matter.
In other related developments, Ukraine’s interior minister has said the police managed to prevent a second wave of attacks by shutting down and confiscating computer servers used by a local software company, which is thought to have unwittingly helped the Petya-variant virus to spread.
And after having repeatedly denied any involvement in the transmission of the malware, the developer Intellect Service has acknowledged an upgrade to its MeDoc tax software was indeed “contaminated”, allowing the attack to be carried out.
“As of today, every computer which is on the same local network as our product is a threat,” the company’s chief executive Olesya Bilousova told reporters.
She added that one million computers in Ukraine had MeDoc installed on them.
The police have recommended that everyone stops using the program and turns off computers that have it.