• PetyaWrap was designed to make headlines, not to make money

    … and it certainly succeeded.

    Security researcher Matt Suiche has published more details about PetyaWrap (NyetPetya, Petya.2017, choose your favorite cute name) that show quite conclusively that the person/organization behind PetyaWrap wasn’t interested in making money — they just wanted to make a big splash. Suiche calls it a “wiper,” as opposed to ransomware:

    The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) — a wiper would simply destroy and exclude possibilities of restoration.

    Dan Goodin at Ars Technica has a new analysis that strengthens Suiche’s conclusion: Tuesday’s massive ransomware outbreak was, in fact, something much worse:

    the payload delivered in Tuesday’s outbreak wasn’t ransomware at all. Instead, its true objective was to permanently wipe as many hard drives as possible on infected network…

    Tuesday’s malware was impressive. It used two exploits developed by and later stolen from the National Security Agency. It combined those exploits with custom code that stole network credentials so the malware could infect fully patched Windows computers. And it was seeded by compromising the update mechanism for M.E.Doc, a tax-filing application that is almost mandatory for companies that do business in Ukraine. The shortcomings in the ransomware functions aren’t likely to be mistakes, considering the overall quality of the malware.

    If the intent of the PetyaWrap author(s) was to sow fear of Windows, they certainly succeeded. Because of the way PetyaWrap infects, very few of you have been hit. The next version may not be so kind.

    Chromebooks are looking better every day.