SECURITY ALERT: Updated assessment of “NotPetya” (this weeks’s cyber attacks)


Security firms are re-assessing the most recent wave of cyber-attacks which spread across the world in the last 48 hours.  These attacks were initially thought to be ransomware attacks comparable to the "WannaCry" virus and following a similar trajectory.  "WannaCry" mapped a similar infection trajectory about four weeks ago.  Security firms investigating the current attacks - now being called "NotPetya" - are concluding that it is fundamentally different.

The new assessment is that "NotPetya" is a cyber-weapon disguised as ransomware.  The purpose of ransomware is to extort money from victims of the malicious software attacks, typically be demanding payment in return for a key which can be used to decrypt data the software encrypted.  "NotPetya," however, does not appear to be storing the key which it uses to encrypt the victim's hard drive and, therefore, it is impossible to restore the encrypted data.  Effectively, the malware destroys the victims' data by encrypting it with an unrecoverable key, rather than by deleting or corrupting it.  In brief, it is ransomware which has been weaponized.

As yet there has been no conclusion regarding the author of the "NotPetya" attacks.  It "NotPetya" is in fact a cyber-weapon and not profit inspired ransomware, the probability that it was designed and release by state actors or agents is increased.