In-brief: On Tuesday, a ransomware infection spread across Europe and even affected companies and systems as far away as the United States and Brazil. Iain Thomson at The Register breaks down the malware used in the attack, dubbed NotPetya because it disguises itself as the Petya ransomware, although in the end it seems it was designed to wreak havoc, not collect money.
The cyberworld is still feeling the repercussions of yesterday’s widespread ransomware attack that spanned countries around the globe but primarily seemed to target businesses and agencies in the Ukraine.
A day after the attack—which was crippling everything from PCs to bank machines to cash registers from the Ukraine to Spain and even crossed the ocean to Brazil and the United States—more information has surfaced about the malware used in the attack, cleverly dubbed “NotPetya” because it takes the disguise of the Petya ransomware.
Iain Thomson over at The Register breaks down what Petya (or NotPetya) is and what it isn’t, debunking the idea that the attack was indeed ransomware and aimed at collecting funds for the bad actors who mounted it. Instead, he posits that the malware was mainly intended to “spread merry mayhem”—which it indeed did.
From the article:
It is now increasingly clear that the global outbreak of a file-scrambling software nasty targeting Microsoft Windows PCs was designed not to line the pockets of criminals, but spread merry mayhem.
Although it demands about $300 in Bitcoin to unscramble the hostage data, the mechanisms put in place to collect this money from victims quickly disintegrated. Despite the slick programming behind the fast-spreading malware, little effort or thought was put into pocketing the loot, it appears.
Despite substantial code sharing between the two families of malware, Thomson observes that “the real Petya was a criminal enterprise for making money. This [latest malware] is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ransomware.”
Source: Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide | The Register