Skip to main content
close search
site logo
Dive Brief

Security researchers conclude global cyberattack a 'wiper,' not ransomware

Published June 29, 2017
Naomi Eide's headshot
Managing Editor
Adobe Stock

Dive Brief:

  • Security researchers have discovered that the recent global cyberattack — referred to as NotPetya, ExPetr or Nyetya — was not a ransomware attack, but rather a "wiper" that makes it almost impossible to successfully recover from, according to Ars Technica and Kaspersky Lab's SecureList. Victims of the attack will not be able to get their data back, according to Kaspersky. 
  • As the security researcher known as "the grugq" pointed out, unlike Petya, this strain of malware was not intended to make money. "This is designed to spread fast and cause damage, with a plausibly deniable cover of "ransomware," the grugq said. That means that even though it appeared like a ransomware campaign, the main motivation of the malware strain was to destroy data. 
  • More damaging than initially thought, early reports from Microsoft found malware infections in 64 countries, impacting more than 12,500 machines. With "worm capabilities," the ransomware can move across infected networks laterally. Confirming early reports, Microsoft said the infection appears to involve a "software supply-chain threat" from M.E.Doc, a Ukrainian company that develops tax accounting software. By Wednesday, the malware strains victims included U.S. drug maker Merck, a healthcare network in Pennsylvania and a Cadbury chocolate production facility

Dive Insight:

The conclusion that Nyetna is not a ransomware attack confirms threats that security experts have long-feared: Ransomware attacks can disguise what is actually happening at the root of an attack. As with smokescreen DDoS attacks, Nyetna works in much the same way to fool researchers and stakeholders and potentially cause more system damage. 

The big question the security community is left with now is what motivated the attack? Though attacks could be conducted by nation state actors or cybercriminal organizations, with no viable means to receive payment for the attack, it is likely one of the main motivations is to cause chaos. Global attacks leave security communities scrambling to understand the nature of the attack and how to stop another one in the future. 

But there is never a sure way to completely block cyberattacks — no security wall is strong enough to deter all attacks. Rather, attacks become about how quickly companies can respond. With operations suspended from wide-scale cyberattacks, the clock starts ticking, counting how long it takes for organizations to recover. 

Those companies severely incapacitated will have systems modernization efforts they need to do. Prevention can go a long way too. As Robert Rohrmansenior director of information services infrastructure at CompTia, pointed out in a statement, making sure vendor patches are efficiently installed and put a machine update plan in place. 

But the most important thing? Timely backups. With a cyberattack like Nyetya, data can actually be damaged. The only way to ensure an organization's proprietary information is not corrupted is to make sure it can fully restore systems from backups. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Cloudbeds unveils industry’s first ‘smart hospitality engine’, powered by causal and multimoda…
From Cloudbeds
October 23, 2024
truCX Launches Groundbreaking Partner Portal, Empowering CX Consultants and Trusted Advisors w…
From truCX
October 30, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell