The Petya virus turns out to have been a wiper, and not ransomware
(Mirror Daily, United States) – This week, a new virus began ravaging computers all over Europe. Initially, the virus known as Petya posed as ransomware, asking victims to pay $300 to have their files restored. However, it seems this was only a disguise, and the hackers had no intention of unlocking the corrupted devices.
Was the virus ransomware?
After a thorough analysis of Petya, security experts revealed that the hackers were not able to restore the corrupted files. This is because the virus was not actually ransomware, but a wiper. This means it did not hold the files in question for ransom, but erased them right away.
Petya has not always been a wiper, however. This is not its first version, and the initial Petya was indeed designed as ransomware. Experts noticed the changes present in the current version of the malicious file.
Petya was probably not designed by a hacker group
Matt Suiche is the founder of Comae, the cybersecurity company which performed the analysis on the virus. They discovered that this version had its code rewritten, turning it from ransomware into a wiper. The older version encrypted files and then asked for a ransom to decrypt them. The new version no longer encrypts them, but destroys them from the start.
The big question right now is why someone would resort to such an attack. Suiche suggests it is related to the people who were behind it. Instead of destroying the files openly, the hackers decided to disguise the virus as ransomware, and trick the media into believing the virus was created by a group of hackers, and not a government.
These are only speculations at the moment, but the virus did indeed target mostly Ukrainian banks, airports, telecommunications, or electricity suppliers. The advanced analysis shows that Petya remained mostly within the Ukrainian borders.