- Feb 4, 2016
- 2,520
....some quotes from the article:
....
....
....
....
....
....
....
....
....
NotPetya was designed for mayhem, not making money
This [NotPetya] is definitely not designed to make money," The Grugq said. "This is designed to spread fast and cause damage, with a plausibly deniable cover of 'ransomware.'"
What needs to be made clear is that NotPetya is not a disk wiper per se. It does not delete any data but simply makes it unusable by locking files and throwing away the key.
....
....
....
The NotPetya ransomware that encrypted and locked thousands of computers across the globe yesterday and today is, in reality, a disk wiper meant to sabotage and destroy computers, and not ransomware. This is the conclusion of two separate reports coming from Comae Technologies and Kaspersky Lab experts.
Experts say that NotPetya — also known as Petya, Petna, ExPetr — operates like a ransomware, but clues hidden in its source code reveal that users will never be able to recover their files.
This has nothing to do with the fact that a German email provider has shut down the NotPetya operator's email account. Even if victims would be able to get in contact with the NotPetya author, they still have no chance of recovering their files.
NotPetya never bothers to generate a valid infection ID
This is because NotPetya generates a random infection ID for each computer. A ransomware that doesn't use a command-and-control server — like NotPetya — uses the infection ID to store information about each infected victim and the decryption key.
Because NotPetya generates random data for that particular ID, the decryption process is impossible, according to Kaspersky expert Anton Ivanov.
"What does it mean? Well, first of all, this is the worst-case news for the victims – even if they pay the ransom they will not get their data back. Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive," said Ivanov.