The virus was “unusual” as it had only one wallet and one email linked to it and “may not have been about making money”, according to Craig Williams, Senior Technical Leader at Cisco’s cyber-security division Talos, which has been tracking the virus, called Petya, Nyetya, NotPetya, and ExPetr.
Ransomware usually advertises multiple wallets and emails so that money can be collected from the companies whose data has been affected, said Williams.
“Looks like someone has been trying to design something that looks like ransomware,” he added.
In the case of Petya aka Nyetya, with the wallet and email blocked almost immediately, there was no way the affected companies could make payments, even if they wanted to, he added.
The fact that the attack seemed to have been aimed at Ukraine and came ahead of the country’s Constitution Day pointed the needle of suspicion at a political purpose, Williams said, adding, however, that it could not be said with certainty that it was a state-sponsored attack.
He said the fact that the virus had affected other countries and companies outside Ukraine could have been a case of “collateral damage”, with the networks of companies that did business with that country becoming infected.
“We believe that’s what’s happening,” he said.
The new cyber-attack began massively affecting dozens of companies and institutions in the world, beginning with Russia and Ukraine on Tuesday, and spreading to Asia, Australia, and the…