(Bloomberg) -- The cyberattack that has hit businesses and governments across Europe, Latin America and Asia is similar to last month’s WannaCry attack in more ways than simply the method used to spread across computer networks. Like WannaCry, this attack looks like ransomware, but probably isn’t, security experts say.
Ransomware encrypts data on an affected computer. The hacker then extorts money from the computer’s owner -- usually in bitcoin -- for a decryption key. WannaCry and this most recent attack did the same, but in this case it encrypted an infected machine in a way that makes decryption difficult, Samani says. “It is there to be disruptive.”
David Palmer, director of technology at U.K. cybersecurity company Darktrace, says if this was ransomware, it was hard to reconcile with the ingenious design of the attack. It spread through what appeared to be a legitimate accounting software patch and then used multiple stealthy techniques, including stealing login credentials, to infect other machines on a network with little thought about how the perpetrators would actually get paid.
“In the past, criminals behind these attacks were trying to make it as easy as possible for victims to pay the ransom,” Palmer says. “That isn’t the case here. The ransom approach is completely backward to the way ransomware has evolved in the last several years.”
Palmer also says this malware didn’t merely encrypt data on an infected machine, it essentially destroyed it by scrambling the data and then overwriting it.
“This will make it very hard for most organizations to undo the damage without some good, recent backups,” he says.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access