Ransomware or Wiper: The recent cyberattack with the Petya / NotPetya malware, which struck dozens of countries around the world this week, seems to be taking an interesting turn. Security experts are increasingly coming to the view that NotPetya is not conventional ransomware. As they say, it is probably a sabotage tool.
Companies and organizations affected by the attack in Ukraine, Russia, the USA, and other countries in Europe, Asia and Australia may never be able to recover their data.
WannaCry was a disaster, but it was a bug-ridden tool created by amateurs. Petya, according to experts, is not an amateur tool but a powerful ransomware that can infect any version of Windows (including Windows 10).
On the other hand:
Several researchers and security companies, including Kaspersky, believe that the malware invading computers was simply disguised as ransomware.
The malware took advantage of the "noise" that WannaCry managed to create, which served as "bait" for the media.
And while its developers tried to make it look like ransomware, the researchers point out that it is actually a "wiper", since it erases parts that a disk needs to run.
Ransomwares and hackers are becoming the scapegoats of nation state attackers. Petya is a wiper not a ransomware. https://t.co/lkrfWMw2Zl
- Matt Suiche (@msuiche) June 28, 2017
According to security researchers, even if the required ransom is paid, the victim's disk cannot be recovered.
This is because NotPetya generates a random infection ID for each computer. Ransomware that does not use a C&C server, such as NotPetya, uses the infection ID to store information about each infected computer, along with the decryption key.
Because NotPetya generates random data for that ID, the decryption process is impossible, says Kaspersky researcher Anton Ivanov.
"What does this mean? First of all, this is the worst news for the victims - even if they pay the ransom they will not get their data back. Second, this reinforces the theory that the attack is not motivated by financial motives, but destructive," Ivanov added.
Ransomware, Wiper or something else?
Kaspersky reports that more than 60 percent of the attacks took place in Ukraine. Russia is second on the list with 30 percent. These are only the initial findings of the company's ongoing research.
The initial analyses are slowly being refuted and the story seems to be taking a completely different turn. More and more researchers believe that this is a widespread cyberattack, possibly with political motives. They point out that NotPetya is not ransomware, but malware that wipes systems, destroying files.
MalwareTech, however, seems to disagree with this approach, claiming that the software only destroys the first 25 sectors of the disk.
As the researchers say quite rightly:
"These partitions of the disk are necessary, but they are also empty in standard Windows installations. It's a little hard to believe that cybercriminals didn't know this."
MalwareTech researchers, however, agree that the hackers were not motivated by financial gain.
Ransomware: Who is behind the attack?
And as researchers continue their analysis, the questions that now arise are "Who did it?" and "Why?"
We do not have an answer at this time. But the Ukrainian government's security agencies and services believe that what happened was a government-sponsored attack. The purpose of this attack was to strike a blow against Ukrainian institutions.
When asked if he believes Russia is behind all this, the head of the Center for Cyber Protection in Ukraine replied:
"It's hard to imagine anyone else who would want to do that."