The victims of this week’s Petya outbreak gives another reason not to pay – the malware is not able to restore files.
Comae researchers and companies of Kaspersky Lab technology have reached the same conclusion as Petya is cleaner, not Ransom ware.
Anton Ivanov and Orkhan Mamedov said Kaspersky Lab malware dressing up as Ransom ware, and the “key installation” that the user was in the ransom of Petya, only randomized data.
“This means the attacker cannot extract the information from decoding such a series generated randomly to the victims, and as a result, the victims will not be able to decrypt any ID encrypted disk installation” said the par.
What this means is the worst news for the victims
Even if they are paying ransom, they will not recover data Secondly, this reinforces the theory that the main goal of the ExPetr attack was not motivated financially but destructive.”
The infected users point to the email address and disappeared in the ransom after it was closed on Tuesday by an e-mail provider. At the time of writing, he had a Bitcoin wallet linked to malicious software, saving about $ 10,300.
Matt Such Company Comae Technologies said the malware intentionally copied the first 25 blocks on the hard drive.
“We believe the program otkupnopravni actually for the control of media lure baits, especially after the incident WannaCry attention to a group of mysterious hackers pull, rather than national public attacker, as we have seen in the past where the wipers are activated as Simeon “She wrote.
According to Suicheu, while earlier versions Petya could recover in his last impostor Petya lasting damage.
The day after the outbreak Petya, at least 2,000 attacks were registered in more than 64 countries.
Microsoft confirmed yesterday by incurring its discontinued data telemetry initial infection by Medoc tax software accounting base in Ukraine.
“Although vector media are and security experts, including their own cyber police Ukraine. It was the only clue to this vector Microsoft has now been pointing out that several active infection ransomes began starting from Médoc Updater’s legal procedure, “Microsoft said.
NATO Secretary General Jens Stolten of the article of collective defense in the North Atlantic Treaty On Wednesday called against cyber attacks.
We have also concluded that a cyber attack on Article 5 can be initiated, and we are in the process of setting up – cybernetics as a military area, that is, we have the land, air, sea and Cyber and military areas, “he said.