The global cyber attack currently working its way around the world looks increasingly unlikely to be ransomware. The crime group behind the Petya ransomware has distanced itself from this week’s global cyber attack. The attack, which has so far infected systems in 60 countries, was initially suspected to be an offshoot of the Petya virus. However, the author of the ransomware, Janus Cybercrime Solutions, has now claimed that it is not behind the attack and is offering help to those whose files have been lost.
There is now a growing consensus among security experts that the attack is not Petya. Many experts and the Ukrainian police force are now convinced that the breach is in fact a form of malware, not ransomware as initially presumed.
Kaspersky Lab was the first company to reach this conclusion, dubbing the virus ‘NotPetya’. Vyacheslav Zakorzhevsky, head of the anti-malware team at Kaspersky Lab, said that the firm’s initial reports suggest that it is not a variant of the Petya ransomware at all. “Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before,” he said. “The company’s telemetrics data indicates around 2,000 attacked users so far. Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, Germany and several other countries. The attack vector is not yet known.”
Meanwhile, the Ukrainian police force is now investigating the possibility that the attack is in fact a form of malware disguised as ransomware in order to infiltrate government systems in preparation for a future attack. The malicious code in the new virus encrypted data on computers and demanded victims pay a $300 ransom, similar to the extortion tactic used in the global WannaCry ransomware attack in May. However, a Ukrainian police spokesman said that the new attack is unlikely to be true ransomware. “Since the virus was modified to encrypt all data and make decryption impossible, the likelihood of it being done to install new malware is high,” the official said.