- Security researchers have discovered that the recent global cyberattack — referred to as NotPetya, ExPetr or Nyetya — was not a ransomware attack, but rather a "wiper" that makes it almost impossible to successfully recover from, according to Ars Technica and Kaspersky Lab's SecureList. Victims of the attack will not be able to get their data back, according to Kaspersky.
- As the security researcher known as "the grugq" pointed out, unlike Petya, this strain of malware was not intended to make money. "This is designed to spread fast and cause damage, with a plausibly deniable cover of "ransomware," the grugq said. That means that even though it appeared like a ransomware campaign, the main motivation of the malware strain was to destroy data.
- More damaging than initially thought, early reports from Microsoft found malware infections in 64 countries, impacting more than 12,500 machines. With "worm capabilities," the ransomware can move across infected networks laterally. Confirming early reports, Microsoft said the infection appears to involve a "software supply-chain threat" from M.E.Doc, a Ukrainian company that develops tax accounting software. By Wednesday, the malware strains victims included U.S. drug maker Merck, a healthcare network in Pennsylvania and a Cadbury chocolate production facility.
The conclusion that Nyetna is not a ransomware attack confirms threats that security experts have long-feared: Ransomware attacks can disguise what is actually happening at the root of an attack. As with smokescreen DDoS attacks, Nyetna works in much the same way to fool researchers and stakeholders and potentially cause more system damage.
The big question the security community is left with now is what motivated the attack? Though attacks could be conducted by nation state actors or cybercriminal organizations, with no viable means to receive payment for the attack, it is likely one of the main motivations is to cause chaos. Global attacks leave security communities scrambling to understand the nature of the attack and how to stop another one in the future.
But there is never a sure way to completely block cyberattacks — no security wall is strong enough to deter all attacks. Rather, attacks become about how quickly companies can respond. With operations suspended from wide-scale cyberattacks, the clock starts ticking, counting how long it takes for organizations to recover.
Those companies severely incapacitated will have systems modernization efforts they need to do. Prevention can go a long way too. As Robert Rohrman, senior director of information services infrastructure at CompTia, pointed out in a statement, making sure vendor patches are efficiently installed and put a machine update plan in place.
But the most important thing? Timely backups. With a cyberattack like Nyetya, data can actually be damaged. The only way to ensure an organization's proprietary information is not corrupted is to make sure it can fully restore systems from backups.