Ransomware and fake ransomware: in the past, things were simple. Attacks were relatively easy to identify. Take Shamoon, for example. When the attack was analyzed, it was clear that it was intended to disrupt its victims. In this case the target was clearly Saudi Arabia, and the use of a wiper among the components of the malicious software clearly showed one of the goals of the perpetrators of the attack: to delete and destroy infected systems.
Similarly, the use of ransomware was equally clear.
Its purpose is to collect ransom payments. What we have seen so far shows that ransomware attacks have been designed in such a way that even people without the required technical expertise can engage in similar activities. With the availability of ransomware as a service, every wannabe malicious "hacker" can run his own attack.
Ask yourself: was the Petya / NotPetya attack successful?
As a ransomware attack, it probably failed, because its revenue (10,000 dollars) was insignificant compared to the size of the attack and the know-how used.
If the goal of the attack was to cause widespread disturbances, the attack was probably successful as there are still some victims trying to restore the full functionality of their systems.
In the case of WannaCry and Petya / NotPetya, any analysis can be questioned. What was the real motivation and what the real purpose of the attack?
Very often, the infosec community's answers start with "maybe" or "probably", and sometimes the answer is "it depends." Such answers are clearly inadequate when an attack disrupts the whole world, and of course they show that the security community struggles to read exactly what is happening, as happened with previous attacks.
On the other hand, the attackers have a huge arsenal of tools that can help them increase their ability to conceal their true purpose.
Is a DDoS attack meant to take a page down, or is it an extortion attempt to make money for the attacker?
With such tactics, it is clear that the need for cooperation and coordination in research, public-private or private, is more important than ever. Can it happen?
One thing is clear:
The old assumption that paying the ransom after an infection would probably lead the attackers to give up control of the victim's data belongs to the past.