Ransomware and fake ransomware: It used to be simple. Attacks were relatively easy to identify. Take Shamoon, for example. When the attack was analyzed, it was clear that it was intended to disrupt its victim. In this case the target was clearly Saudi Arabia, and the use of a wiper among the malware components clearly indicated one of the attackers' objectives: to delete and destroy infected systems.
The purpose of ransomware was equally clear.
It is used to collect ransom payments. What we have seen so far shows that ransomware attacks are designed to allow people without the required technical expertise to engage in similar activities. With the availability of ransomware as a service, every wannabe malicious "hacker" can run their own attack.
But the attacks that took place a few months ago (WannaCry and Petya/NotPetya) mark a departure from the obvious objectives of previous attacks.
Ask yourself: was the Petya/NotPetya attack successful?
As a ransomware attack, it probably failed, because its revenue (10,000 dollars) was insignificant compared to the size of the attack and the know-how used.
If the goal of the attack was to cause widespread disruption, the attack was probably successful, as there are still some victims trying to restore the full functionality of their systems.
In the case of WannaCry and Petya/NotPetya, every analysis can be disputed: what was the real motive, and what was the real purpose of the attack?
Quite often the infosec community's responses start with "maybe" or "probably", and sometimes with "it depends", instead of saying exactly what is happening, as with previous attacks.
On the other hand, attackers have a huge arsenal of tools that can help them conceal their true purpose.
Is a DDoS attack meant to take a website down, or is it an extortion attempt to make money for the attacker?
With such tactics, it is clear that the need for cooperation and coordination in public-private or private research is more important than ever. Can it happen?
One thing is clear:
The earlier assumption that paying the ransom after an infection could lead attackers to relinquish control over victims' data belongs to the past.