Data security experts from Comae Technologies and Kaspersky Lab have warned us that Petya, the latest ransomware threat that is even deadlier than WannaCry, is out to destroy data, not ransom it.
Technically speaking, Petya is therefore a wiper, not ransomware. Orkhan Mamedov and Anton Ivanov from Kaspersky Lab mentioned that although the malware disguises itself as ransomware, the installation key it shows to the user is merely randomised data. They also believe it has destructive rather than financial motivations.
Sadly, this means that victims will not be able to recover their data, even if they decide to pay up. The email address shown by the malware was shut down by Posteo on Tuesday. At that time, the Bitcoin wallet had collected roughly $10,300 in ransom money.
Matt Suiche from Comae Technologies pointed out that while it was possible to recover from earlier versions of Petya, the latest version does permanent damage, overwriting the first 25 blocks on the hard drive. They believe the malware was a lure to control the media narrative and attract attention to some mysterious hacker group.
Just a day after the Petya outbreak, more than 2,000 attacks had been recorded in over 64 countries.
According to an announcement Microsoft published yesterday, the initial infections began through MEDoc, a Ukraine-based tax accounting software package, and its otherwise legitimate updater process. Microsoft said that this was at first only speculation, but that it now has concrete evidence that this is truly the case.