© 2019 SourceMedia. All rights reserved.

Latest hack may be about disruption not money, experts say

(Bloomberg) -- The cyberattack that has hit businesses and governments across Europe, Latin America and Asia is similar to last month’s WannaCry attack in more ways than simply the method used to spread across computer networks. Like WannaCry, this attack looks like ransomware, but probably isn’t, security experts say.

Ransomware encrypts data on an affected computer. The hacker then extorts money from the computer’s owner -- usually in bitcoin -- for a decryption key. WannaCry and this most recent attack did the same, but in this case it encrypted an infected machine in a way that makes decryption difficult, Samani says. “It is there to be disruptive.”

Blue light illuminates cables on an E9000 blade server rack, manufactured by Huawei Technologies Co. Ltd., at the CeBIT 2017 tech fair in Hannover, Germany, on Monday, March 20, 2017. Leading edge technologies in the digital world are showcased in this annual event which runs March 20 - 24. Photographer: Krisztian Bocsi/Bloomberg

David Palmer, director of technology at U.K. cybersecurity company Darktrace, says if this was ransomware, it was hard to reconcile with the ingenious design of the attack. It spread through what appeared to be a legitimate accounting software patch and then used multiple stealthy techniques, including stealing login credentials, to infect other machines on a network with little thought about how the perpetrators would actually get paid.

“In the past, criminals behind these attacks were trying to make it as easy as possible for victims to pay the ransom,” Palmer says. “That isn’t the case here. The ransom approach is completely backward to the way ransomware has evolved in the last several years.”

Palmer also says this malware didn’t merely encrypt data on an infected machine, it essentially destroyed it by scrambling the data and then overwriting it.

“This will make it very hard for most organizations to undo the damage without some good, recent backups,” he says.
