Ransomware and fake ransomware: It used to be simple. Attacks were relatively easy to identify. Take Shamoon, for example. When the attack was analyzed, it was clear that it was intended to disrupt its victim. In this case the target was clearly Saudi Arabia, and the use of a wiper among the malware's components clearly showed one of the attackers' goals: to delete and destroy infected systems.
Similarly, the use of ransomware was equally clear.
Its purpose is to collect ransom payments. What we have seen so far shows that ransomware attacks are designed in such a way as to allow people without the required technical expertise to engage in similar activities. With the availability of ransomware as a service, every wannabe malicious "hacker" can run their own attack.
But the attacks that took place a few months ago (WannaCry and Petya/NotPetya) depict a deviation from the obvious objectives of previous attacks.
Ask yourself: was the Petya/NotPetya attack successful?
As a ransomware attack, it probably failed because its revenue (10,000 dollars) was insignificant compared to the size of the attack and the know-how used.
If the goal of the attack was to cause widespread disruption, the attack was probably successful, as there are still some victims trying to restore the full functionality of their systems.
In the case of WannaCry and Petya/NotPetya, every analysis can be disputed. What was the real motive, and what was the real purpose of the attack?
Very often Infosec's answers start with "maybe" or "probably", and sometimes there is an "it depends." Such responses are clearly inadequate when an attack disrupts the whole world, and they show that the security community is weak at reading exactly what is happening, as it could with previous attacks.
On the other hand, the attackers have a huge arsenal of tools that can help them increase their ability to conceal their true purpose.
Is a DDoS attack meant to take a page down, or is it an extortion attempt to make money for the attacker?
With such tactics, it is clear that the need for cooperation and coordination of investigations between the public and private sectors, or between private-sector organizations, is more important than ever. But can it be done?
One thing is clear:
The old assumption that paying the ransom after an infection would probably lead the attackers to give up control of the victim's data belongs to the past.