Intalock Summit 2017 Platinum Sponsor – McAfee – Petya More Effective at Destruction Than as Ransomware

At the beginning of the recent Petya malware campaign, the world was quick to declare that this attack was ransomware. Now, with time to analyze the facts and make comparisons to other ransomware campaigns, this Petya attack does not look so much like ransomware. To back up this claim, let’s examine three other well-known ransomware campaigns: Cerber, Locky, and WannaCry.

Generally, the goal of ransomware is financial gain. For a ransomware family to make money in the long term, it must be able to both encrypt and decrypt files. These steps ensure that once payment is sent, data can be recovered. Otherwise, victims will learn that payments are worthless, the ransomware industry’s reputation will suffer, and the criminals will lose revenue. Cerber, Locky, and WannaCry all had methods for decrypting files after encryption. Unlike Cerber and Locky, however, WannaCry lacked victim identification, which left most victims with encrypted disks even after payment. Because of changes in the key and victim ID, the recent Petya campaign does not include the capability to decrypt files, with or without payment. The word is spreading, and we can expect more and more victims to stop paying the ransom. In a financially motivated campaign, this significantly reduces the ransomware’s effectiveness. Thus, the orchestrators of this campaign appear to be either shortsighted or not financially motivated.

Posted by: Claire McKee
20 July 2017