Petya Ransomware May Not Have Been About Making Money, Says Cisco's Talos

Share on Facebook Tweet Share Reddit Comment
Petya Ransomware May Not Have Been About Making Money, Says Cisco's Talos
Highlights
  • Petya malware is doubted to be more than just a money-making ransomware
  • Ransomware usually advertise multiple wallets and emails to collect money
  • With Petya, the wallet and email were blocked almost immediately

Petya, the malware that has affected companies and institutions around the world may not have been ransomware - its purpose could have been political, believes a leading cyber-security expert.

The virus was "unusual" as it had only one wallet and one email linked to it and "may not have been about making money", according to Craig Williams, Senior Technical Leader at Cisco's cyber-security division Talos, which has been tracking the virus, called Petya, Nyetya, NotPetya, and ExPetr.

Ransomware usually advertise multiple wallets and emails so that money can be collected from the companies whose data has been affected, said Williams.

"Looks like someone has been trying to design something that looks like ransomware," he added.

In the case of Petya aka Nyetya, with the wallet and email blocked almost immediately, there was no way the affected companies could make payments, even if they wanted to, he added.

The fact that the attack seemed to have been aimed at Ukraine and came ahead of the country's Constitution Day, pointed the needle of suspicion at a political purpose, Williams said, adding, however, that it could not be said with certainty that it was a state-sponsored attack.

He said the fact that the virus had affected other countries and companies outside Ukraine could have been a case of "collateral damage", with the networks of companies that did business with that country becoming infected.

"We believe that's what's happening," he said.

The new cyber-attack began massively affecting dozens of companies and institutions in the world, beginning with Russia and Ukraine on Tuesday, and spreading to Asia, Australia, and the US.

According to Williams, Petya aka Nyetya is the first virus to use three lateral vectors - Eternal Blue (same as WannaCry) and PSExec and WMI - both legitimate Windows administrator tools.

WannaCry had affected 200,000 people in 150 countries in May, encrypting data on infected computers and asking for a ransom to recover them.

However, WannaCry was "not much of a financial success", said Williams, as it only made about $30,000 (roughly Rs. 19.3 lakhs) in the first week.

Such attacks were soon going to be common "as more and more people look to make money from ransomware", warned Steve Martino, Cisco's Chief of Information Security, adding that companies need to be proactive in protecting their networks.

India, meanwhile, has largely remained insulated so far from the latest attack.

The Shipping Ministry on Wednesday said operations at one of the container terminals at Mumbai's Jawaharlal Nehru Port Trust (JNPT) were impacted due to a global cyber-attack.

According to the Ministry, a private terminal operator at the JNPT was taking steps to address the issue. It was anticipated that there could be bunching of in-bound and out-bound container cargos.

"We have been taking proactive steps... we have sent out advisories (on the cyber-attack and the malware)... India is not much affected at this stage," IT Minister Ravi Shankar Prasad said at an event in New Delhi.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Canon EOS 6D Mark II Full-Frame DSLR, EOS 200D Entry-Level DSLR Cameras Launched
8tracks Internet Radio Service Hacked; Details of Millions of User Accounts Stolen
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.