Petya Ransomware Attack: Global Cyberattack May Have Aimed To Destroy Files, Computer Systems

The Petya ransomware attack that hit tens of thousands of computer systems in 65 countries earlier this week may not have been ransomware at all, but a more destructive form of malware designed to sabotage government and commercial organizations.

A top Ukrainian police official told Reuters on Thursday that there is growing belief the attack was not designed to hold hostage important files in order to extort money out of victims, but rather to target important computer infrastructure.

Read: What Is Petya? Ransomware Attack Hits Computer Systems Across The Globe

Security researchers have suggested similar findings after examining the technical aspects of the malicious software. Raj Samani, the chief scientist at cybersecurity firm McAfee, told International Business Times the attack is “ransomware in name” but “destructive in nature.”

While the attack has generated more than 45 payments and about $11,000—MalwareTech, the security researcher who found the killswitch on the similarly widespread WannaCry ransomware attack— reported paying the ransom will not restore files on a victim’s computer.

According to a Ukrainian police official who spoke to Reuters, the ransomware presentation of the Petya attack was likely a smokescreen designed to hide a more malicious and destructive attack aimed at affecting computer systems that are vital parts of government and business infrastructure.

The offiical referred to the malware as a “wiper,” or a tool used to delete data and wipe clean hard drives. Whereas ransomware encrypts files and makes them inaccessible until the victim pays a fee, a wiper simply aims to destroy.

Read: Petya Ransomware Update: Cyberattack Spreads to 12,000 Machines In 65 Countries

"Since the virus was modified to encrypt all data and make decryption impossible, the likelihood of it being done to install new malware is high," the official told Reuters.

While the attack has yet to be attributed to a source and the motivation for it is still unknown, it does appear the primary targets of the malicious software were located in Ukraine. Microsoft estimated 12,500 machines in the country alone were hit by the attack.

While many of those machines belonged to government organizations, it is believed the initial target may have been M.E.Doc, a Ukrainian company that develops and publishes tax accounting software.

The initial attack hit the software supply chain of the company’s tax software MEDoc, which then spread through a system updater process that carried malicious code to thousands of machines, where it was executed and continued to spread the infection through other networks.

While there doesn’t appear to be clear evidence yet, Ukrainian officials have already begun assigning blame to Russia for the attack. A spokesperson for the Russian government dismissed the claims and called them “unfounded blanket accusations.

While it’s possible Russia had no involvement in the attack, the sense of suspicion from Ukraine comes from a history of meddling made by the Kremlin. The Ukrainian government has previously attributed two cyber attacks against the country’s power grids to Russia, though officials in Moscow have denied such claims.