The global WannaCry and NotPetya attacks were both examples of pseudo-ransomware, according to McAfee researchers
Despite claims to the contrary, WannaCry malware was well-written with evidence of good data governance, according to Raj Samani, chief scientist and fellow at McAfee.
Although WannaCry’s inability to automatically decrypt once the ransom had been paid initially appeared to be a mistake, it pointed to the malware’s true purpose, he told the 2017 Wired Security Conference in London.
“WannaCry collected only around $150,000, which is relatively little compared with the $325m collected by the CryptoWall ransomware, which led us to conclude that we were seeing the rise of pseudo-ransomware, which was quickly followed by another example in the form of NotPetya,” said Samani.
WannaCry may have been a proof of concept, but the true propose, he said, was to cause disruption, which is consistent with what researchers are learning when going undercover as ransomware victims to ransomware support forums.
“When one of our researchers asked why a particular ransom was so low, the ransomware support representative told her that those operating the ransoware had already been paid by someone to create and run the ransomware campaign to disrupt a competitor’s business,” said Samani.