Investigations Reveal Hidden Intent Behind "Petya" Malware Outbreak

(PresseBox) ( Ehningen, )
Deeper analysis of the global cyber attacks this week has led IBM security analysts to conclude that these attacks were intended as destructive attacks against Ukraine – the ransomware component appears to have been a way for hackers to hide the true intent of the attack, rather than to make money from ransom payouts.

IBM X-Force IRIS has outlined the evidence behind this analysis in a security intelligence blog here:

In brief:  
  • Evidence shows this attack was designed to permanently disable as many machines as possible rather than for financial gain:
  • The information provided in the “ransomware” is not accurate or relevant to unlocking any affected machine - it is incapable of relaying the information the attacker would need to provide the correct decryption key
  • The design of the attack suggests that it was carried out by a technically skilled group of cybercriminals, yet the “ransomware” components showed little to no expertise or intent to produce financial gains. Despite the global spread of the malware, IBM Security researchers also believe that this attack was specifically targeted at Ukraine
  • The compromised websites and software used to initiate the infection were clearly aimed at Ukrainian users – including tax software used specifically for organizations doing business in Ukraine, as well as planting malicious code within Ukrainian specific website.
  • In fact, “patient zero” (the initially infected machine) in all of the impacted organizations IBM has analyzed has been based in the Ukraine
Please let me know if you'd like to speak with an expert from IBM Security about these attacks.

New Blog Postfrom Mike Oppenheim, Global Research Lead, IBM X-Force IRIS (June 29 at 5pm ET, New York time)

Original Blog from June 27 and June 28 recapping Petya variant attacks from Diana Kelley, Global Executive Security Advisor, IBM Security
The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material.
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to