A version of the Petya ransomware wreaked havoc worldwide, but the hackers didn't really make any hefty profits from the whole affair.
The cyberattack hit Ukraine the hardest, but it also spread on a global scale, infecting computers in at least 64 countries including the UK, the United States, Australia, Russia, and more.
The supposed ransomware seized computer systems and demanded a ransom of $300 in Bitcoin. Since that's not really a hefty amount, it raised suspicions that the whole attack might have an ulterior motive disguised as ransomware.
Petya Malware: Ransomware Or Something Else?
The attackers earned less than $10,000 in ransom from users trying to regain access to their files following the attack, so the whole thing seems suspicious. Since the affair doesn't seem to be that profitable, it appears that money was not the main objective here.
The attack could well be a political statement, or have some other purpose disguised as ransomware, looking to cause disruption. The cyberattack seems to have started in Ukraine as a more sophisticated version of Petya, and Microsoft found evidence that it originated from a Ukrainian tax accounting software called MEDoc.
The attackers set up a payment system for the Bitcoin ransom, but it's basically useless: they left behind an email address, and the email provider has already shut it down. This further bolsters the theory that the whole attack had a different goal and likely aimed to cause massive disruption, particularly in Ukraine, with the hackers disguising it as ransomware to make it seem otherwise. In addition to seizing a computer and its data, this Petya version also contains a Trojan that steals the usernames and passwords of those affected.
The attack is similar to the WannaCry ransomware that hit more than 230,000 systems in more than 150 countries last month, and it uses the same EternalBlue exploit. The European Union Agency for Law Enforcement Cooperation (Europol), however, says that this version of Petya is more sophisticated: it rendered entire systems useless by encrypting their hard drives, as opposed to locking just individual files as in previous attacks.
Political Agenda Driving Petya Attack?
Although the attack seems to be more sophisticated than WannaCry, the Bitcoin address the hackers left behind recorded only 45 transactions of 3.9 Bitcoin in total, which translates to less than $10,000. This further fuels speculation that the attack may not be about money at all, and that it was only made to look financially motivated while serving some other goal.
Ukraine has experienced a number of cyberattacks in recent times, ever since things with Russia got hostile three years ago when Russia took hold of the Crimean peninsula. Ukraine has repeatedly accused the Kremlin of orchestrating cyberattacks in a "hybrid war", and there is speculation that this latest attack may be part of the same scheme. In this case, the other countries affected aside from Ukraine would be just collateral victims, serving to cover up the real purpose of the attack and disguise it as just another ransomware attack.
Nothing is certain at this point, however, so take all speculation with a grain of salt.