Ransomware and fake ransomware: things used to be simple. The purpose of an attack was relatively easy to identify. Take Shamoon, for example. When the attack was analyzed, it was clear that it was intended to disrupt its victims. In this case the target was clearly Saudi Arabia, and the wiper among the malware's components clearly showed one of the perpetrators' goals: to delete and destroy infected systems.
Similarly, the use of ransomware was equally clear.
It is used to collect ransom payments. What we have seen so far shows that ransomware attacks are designed so that people without the required technical expertise can carry them out. With ransomware as a service available, every wannabe malicious "hacker" can run their own attack.
But the attacks that took place a few months ago (WannaCry and Petya/NotPetya) mark a departure from the obvious objectives of previous attacks.
Ask yourself: was the Petya/NotPetya attack successful?
As a ransomware attack, it probably failed because its revenue (10.000 dollars) was insignificant compared to the size of the attack and the know-how used.
If the goal of the attack was to cause widespread disruption, the attack was probably successful, as there are still some victims trying to restore the full functionality of their systems.
In the case of WannaCry and Petya/NotPetya, every analysis can be challenged. What was the real motive, and what was the real purpose of the attack?
Very often Infosec's answers start with "maybe" or "probably", and sometimes with "it depends." Such responses are clearly inadequate when an attack disrupts the whole world, and they show that the security community is weak in reading exactly what is happening, as was the case with previous attacks.
On the other hand, the attackers have a huge arsenal of tools that can help them increase their ability to conceal their true purpose.
Is a DDoS attack meant to take a page down, or is it an extortion attempt to make money for the attacker?
With such tactics, it is clear that cooperation and coordination of investigations between the public and private sectors, or within the private sector, is more important than ever. But can it be done?
One thing is clear:
The earlier assumption that paying the ransom after an infection could potentially lead attackers to relinquish control over victims' data belongs to the past.