Ransomware and Fake Ransomware: It used to be simple. The attacks were relatively simple to determine. Take for example the Shamoon. When the attack was analyzed it was clear that it was intended to disrupt its victims. In this case, the target was clearly Saudi Arabia, and the use of a Wiper in the components of the malicious software clearly showed one of the targets of the perpetrators of the attack. Delete and destroy infected systems. 
Similarly, the use of ransomware was equally clear.
Its use is intended for ransom payments. What we have seen so far shows that ransomware attacks are designed in such a way as to allow people without the required technical expertise to engage in similar activities. With the availability of ransomware as a service, every wannabe malicious "hacker" can run its own attack.
But the attacks that took place a few months ago (WannaCry and Petya/NotPetya) depict a deviation from the obvious objectives of previous attacks.
Ask yourself: it was their attack Petya / NotPetya successful;
As a ransomware attack, it probably failed because its revenue (10.000 dollars) was insignificant compared to the size of the attack and the know-how used.
If the aim of the attack was to cause extensive disturbances, the attack was probably successful as there are still some victims trying to restore the full functions of their systems.
In the case of WannaCry and Petya / NotPetya, any analysis can be challenged. What was the real motive and what was the real purpose of the attack.
Quite often Infosec community responses start with "maybe" or "probably", and sometimes there is "depend on." exactly what is happening, as with previous attacks.
On the other hand, the attackers have a huge arsenal of tools that can help them increase their ability to conceal their true purpose.
A DDoS attack is meant to throw a page? or is it an attempt to extortion to make money for the attacker?
With such tactics, it is clear that the need for co-operation and co-ordination of public-private, private or private research is more important than ever. Can it happen?
One is clear:
The oldest assumption that the ransom payment after an infection could probably lead the attackers to give up control of the victim's data belongs to the past.
