The Petya-based ransomware that attacked the globe this week has been hiding a dangerous secret. While a cursory glance may suggest that the goal of the malware was profit, a closer look reveals that the ransom demand was only a cover.
Researchers have discovered that the Petya ransomware (also currently known as ExPetya or NotPetya) does not have a private key for decryption. Any ransom paid results only in a random string of numbers that doesn’t actually do anything.
The result is malware designed more for destruction than for ransom. Researchers now believe that the amateurish setup of the ransom demand was a cover for the true purpose of the malware campaign. The resemblance to Petya was camouflage to buy time for the malware to spread and cause havoc.
The culprit behind this NotPetya attack is still unknown, and it is unlikely that those responsible will claim responsibility. It wouldn’t be surprising if Russia stands accused again, seeing that a large number of victims happen to be from Ukraine.
This deception is the sign of a completely different kind of cyberattack. It looks more like a state-sponsored actor testing a new cyberweapon, considering that it has crippled international shipping, infrastructure, and several hospitals. On the other hand, it could be a new form of cyberterrorism.
[Source: Kaspersky Lab]