Security researchers: Petya malware was designed to destroy information, not make money


Yesterday morning, a new and nasty piece of ransomware dubbed Petya began spreading across the globe. Based on an exploit that was also used during the WannaCry ransomware attack, Petya locked down machines and demanded payment in the form of $300 worth of Bitcoin. As Petya began to spread worldwide, reports surfaced indicating that it had already impacted IT systems at companies such as Merck, Oreo and other large corporations.

Now that security researchers have had more time to evaluate Petya, it appears as if the ransomware aspect of the attack may have simply been a bit of clever misdirection. As we covered earlier today, this theory was first brought to the forefront by security researcher Nicholas Weaver, who told KrebsOnSecurity that Petya was likely a “deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.”

Corroborating this theory, a new security report from Matt Suiche of Comae Technologies reveals that the most up-to-date version of Petya is not really ransomware, but rather a piece of software designed to destroy information. If anything, the demand for payment via Bitcoin was simply used to mask the malware’s true intention.

Even if victims of Petya opt to pay out the requested $300, it appears that it’s impossible for any of the files to be recovered. Not only that, but the email address used by the hackers was shut down by a German provider, which is to say that victims are completely stranded and out of luck. As it stands now, it’s believed that victims have paid out upwards of $10,000 to the hackers.
