After the massive destruction caused by the WannaCry ransomware comes a new ransomware, aka a state-sponsored cyber attack. The attack, so far named Petya ransomware, mainly targeted Ukraine. Tuesday was the day Ukraine became the epicenter of this apparent ransomware attack. According to Kaspersky Lab’s report, around sixty percent of the PCs hit by Petya ransomware were in Ukraine. It penetrated some of the most crucial areas, such as the central bank, metro transport, airport and the Chernobyl power plant. The malware forced the plant to shift its radiation-sensing systems to manual.
Petya Ransomware’s Inception:
As per the initial analysis, this cyber attack was found to have similarities with the Petya ransomware that came into being back in 2016. Ransomware is the kind of cyber attack that demands a hefty ransom just to line the attacker’s pockets. But this is not the case with Tuesday’s so-called ransomware attack. The purported purpose of this attack appears to contradict its real agenda. For one thing, the money made by this ransomware attack appears to be too little for its size. Moreover, a ransomware attack usually encrypts files and systems and then decrypts them once the attackers get their payout. But the Petya ransomware case is quite jarring. This cyber attack is incapable of decrypting the system, and the payment method is also strangely complex.
A Cyber Attack In Disguise:
The total money this Petya ransomware attack has made so far is only $10,000, which is quite little by the standards of ransomware. This leaves analysts questioning various aspects. The most common question is whether or not it was spread for money only. Maybe this attack was meant mainly to harm Ukraine and then penetrated the network, affecting other devices too. However, it is worth noting that this is not the first time the country has fallen victim to a massive state-sponsored cyber attack. And every time, such attacks were found to have ties with Russia. But this is the first case in which such a crippling attack is ransomware in disguise.
Security Researchers’ Analysis:
Furthermore, Kaspersky Lab’s researchers found that the installation ID the malware displays was generated from pseudorandom data that has no link to the corresponding key. Anton Ivanov and Orkhan Mamedov, researchers at Kaspersky Lab, wrote:
“If we compare this randomly generated data and the final installation ID shown on the first screen, they are the same. In a normal setup, this string should contain encrypted information that will be used to restore the decryption key. For ExPetr, the ID shown in the ransom screen is just plain random data.
That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID.
What does it mean? Well, first of all, this is the worst-case news for the victims – even if they pay the ransom, they will not get their data back. Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive.”