The confusion surrounding the rise of another massive ransomware attack is beginning to clear. It is now known that the source of the problem lies in Ukraine: reports such as the one from Kaspersky Lab put more than half of the affected systems inside that country.
Even the country's most critical infrastructure was hit, including the airport, multiple banks (including the central bank), the metro, and more. Even the Chernobyl power plant was not spared: its radiation monitoring systems had to be switched to manual operation.
The apparent purpose of the attack was money, or so it seemed. In reality, very little money reached the attackers. Ransomware normally extorts companies quietly and tries to squeeze out as much as possible. It usually works, because victims want their files back as soon as possible.
Petya, however, does not appear to be able to decrypt the computers it infects. The payout process is also needlessly complicated: it offers a single contact email address, and that address was blocked by its provider shortly after the attack began. The Bitcoin wallet the attackers used to collect payments holds around $10,000, and even that is money they cannot collect without exposing themselves. So the question remains: what is the real purpose of this attack?
Many believe that money is not the point here, and that damage to Ukraine is the real reason behind Petya. The strange parts are that the attack, if it really is one, arrived disguised as ransomware, and that it spread to other countries quite easily, which should not happen in a carefully controlled operation.
The malware is potent, and most of the damage was done to Ukraine. This raised questions, and experts began to wonder whether that was the goal all along: a nation-state attack pretending to be ransomware.
Several pieces of evidence point that way. For example, the attack showed that it is good at moving laterally through networks. Yet at the beginning only a few infections were known, all of them in Ukraine. Ordinary ransomware would have spread in a more chaotic manner from the start.
Many researchers say the attack started with the accounting program MeDoc, which pushed a software update on Tuesday morning, just before the attack began. It is also suspected that the malware was planted on the homepage of a Ukrainian news site.
The truth behind the attack is still unknown. What we can say for certain is that Ukraine is suffering the most damage, especially in its most vital institutions. Ransomware's main purpose is to make money, and that does not seem to matter to Petya. If this were an ordinary virus, it would have spread more chaotically; if it was controlled from the start, then the attackers are deliberately targeting these institutions.
If that is true and Petya really was a political attack, then Russia is the most likely suspect. Russia is known for its military interventions in Ukraine and was also suspected of attacking the Ukrainian power grid in December 2015. That was thought to be part of a hybrid-warfare campaign combining cyber attacks with guerrilla operations. Supporting this theory is the fact that Ukrainian colonel Maksim Shapoval was killed on the same day Petya struck.
All the evidence is still circumstantial, however, and not enough to be sure. Ukraine could simply have been an easy target, with the attackers' carelessness ruining their ability to actually get at the money. Petya also takes more than money: it harvests data from the infected machine, which could prove useful for planning future attacks.
Drawing a line between state agents and criminals is also difficult, because the two overlap so often. For now it is unclear who is involved, or what the real motives behind Petya are.