The ransomware attack that gripped institutions and companies around the world this week may not have been ransomware at all. Instead, the perpetrators of the attack may have had political motives. Craig Williams, Senior Technical Leader at Cisco's cybersecurity division Talos, suggests the payment network was too small. Williams describes the malware as “unusual” because there was only a single email linked to it and one wallet. Cisco's expert concludes that the ‘ransomware' “may not have been about making money.” Cisco has been tracking the virus, which has undergone a name change. It was originally believed the attack used a strain of the Petya ransomware. However, many experts pointed out that the virus was too different to be given the same moniker. With that in mind, the attack is now being called “NotPetya” or “Nyetya”. Regardless of name, the malware left a heavy toll on countries and organizations and could leave a bill higher than the recent WannaCry attack. Microsoft said yesterday the Nyetya spread started with a legitimate MEDoc process. This is a tax accounting software developed by Ukraine-based company M.E.Doc. The company said 12,500 machines in the country were exploited by the ransomware. Other countries did not escape Petya, with significant reports in the US, Brazil, Russia, Denmark, and Germany. In total, 64 countries were affected. Talos points out that ransomware typically points victims to multiple emails and wallets to maximize the amount of money that can be gathered. Williams says it may be a mimic of ransomware, but not for the purpose of money. “Looks like someone has been trying to design something that looks like ransomware,” he added.
NotPetya Malware Was Not Ransomware Suggests Cisco Expert
The head of Cisco’s Talos cyber security divisions argues a lack of payment methods mean NotPetya was not ransomware and was likely politically motivated.