Latest hack may be about disruption not money, experts say
(Bloomberg) -- The cyberattack that has hit businesses and governments across Europe, Latin America and Asia is similar to last month’s WannaCry attack in more ways than simply the method used to spread across computer networks. Like WannaCry, this attack looks like ransomware, but probably isn’t, security experts say.
Ransomware encrypts data on an affected computer. The hacker then extorts money from the computer’s owner -- usually in bitcoin -- for a decryption key. WannaCry and this most recent attack did the same, but in this case the malware encrypted an infected machine in a way that makes decryption difficult, Samani says. “It is there to be disruptive.”
David Palmer, director of technology at U.K. cybersecurity company Darktrace, says that if this was ransomware, that was hard to reconcile with the ingenious design of the attack. It spread through what appeared to be a legitimate accounting software patch and then used multiple stealthy techniques, including stealing login credentials, to infect other machines on a network, with little thought about how the perpetrators would actually get paid.
“In the past, criminals behind these attacks were trying to make it as easy as possible for victims to pay the ransom,” Palmer says. “That isn’t the case here. The ransom approach is completely backward to the way ransomware has evolved in the last several years.”
Palmer also says this malware didn’t merely encrypt data on an infected machine; it essentially destroyed that data by scrambling it and then overwriting it.
“This will make it very hard for most organizations to undo the damage without some good, recent backups,” he says.