Emerging Consensus: ‘NotPetya’ Was Built to Kill Disks, Not Ransom Them
Deducing intent from malware code is tricky, but computer security experts appear to agree that the latest wave of file-encrypting malware was never designed to make its creators rich. Instead, it’s intended to destroy disks.
Computer security experts say the file-encrypting malware that wreaked havoc worldwide starting Tuesday was likely never intended to make its creators rich. Instead, the malware appears to have been designed to wipe data on PCs and ensure that there is no chance that it could ever be recovered.
Analysts continue to pick apart “NotPetya,” which loosely resembles Petya, another type of ransomware that emerged last year. NotPetya is also being called SortaPetya, Petna, ExPetr, GoldenEye and Nyetya.
NotPetya’s mysteries have yet to be fully unraveled, as computer security experts attempt to extract clues and possibly infer intent from the code. But there is a rapidly emerging consensus that NotPetya was not designed to be a moneymaker.
“The main point is that the ransomware is a cover,” writes Matt Suiche, managing director of Dubai-based incident response firm Comae Technologies. “Now we can say this conclusion [is] based on multiple technical attributes.”