A new, very powerful WannaCry-style ransomware has been in the news in recent days. Take this information with a grain of salt, though, because security experts are apparently still very uncertain about the nature of this global-scale attack.
Petya, the name of the hypothetical ransomware, initially seemed to be an old acquaintance; in reality, there are still many doubts about the origin of this malicious code.
But let’s look at where the alarm came from. This time the first country to suffer is Ukraine, where the Central Bank, the state-owned telephone company and an airport have been compromised. According to ESET sources, the second most affected country is, alas, Italy.
We know ransomware as the "ransom virus", i.e. malicious code that blocks access to your data, in effect taking it hostage, and demands a ransom for its return. However, experts claim that Petya was not launched with the goal of extorting money from victims, but with the purpose of permanently destroying the data on the hard drives of infected PCs. To make things clearer: Petya, like classic ransomware, demands a ransom in Bitcoin and directs victims to an email address in Germany, which has already been blocked by the provider. In practice, anyone who now wants to pay the ransom to get their files back has no way of telling the hackers that payment has been made. It seems that the part of the code designed to do damage was written in a very refined and complex way (unlike, for example, what happened with WannaCry), adopting many tricks to make sure it accomplished its task, while the same cannot be said of the part that handles payment in Bitcoin.
Under the circumstances, experts are leaning towards the thesis that Petya is not aimed at enriching the hackers who launched the attack, but is either a way to create chaos and damage, or a rehearsal for an imminent and even more devastating attack. As with WannaCry, experts are still considering the hypothesis that a nation, rather than a supposed group of hackers acting to get rich, is behind the attack. Technically speaking, Petya should be defined not as ransomware but as a wiper, whose sole purpose is to destroy the contents of the hard drive.