A deeper look at the virus that struck computers in Ukraine and elsewhere this week has shown that what initially looked like ransomware was in fact a type of malware called a “wiper.” Rather than extorting money, it’s goal was to erase victims’ hard drives, disrupt their business and misdirect suspicions about the attacker’s identity, according to The Washington Post and other media reports.
Victims of the cyberattack saw a screen asking them to pay $300 in bitcoin for a key to unlock their computer – the same ploy used by the WannaCry ransomware that hit computers in more than 150 countries in May.
But security experts say this attack was different.
“It definitely wasn’t ransomware and wasn’t financially motivated,” Jake Williams, founder of cybersecurity firm Rendition Infosec, tells the Post. “The goal was to cause disruption in computer networks.”
Likewise, Matt Suiche, founder of cybersecurity firm Comae Technologies, writes on his website, “The goal of a wiper is to destroy and damage … Different intent. Different motive. Different narrative.”
Suiche says the perpetrator wanted to disguise the intent of the attack. “We believe the ransomware was in fact a lure to control the media narrative,” Suiche writes, “… to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon.”
Still, Reuters says Ukrainian politicians blamed Russia for the attack, even as a Kremlin spokesman dismissed “unfounded blanket accusations.”
The news agency says security researchers believe one goal of the attack was to put malware onto computers in government and commercial offices in Ukraine, perhaps in preparation for future sabotage.
In the short term, The New York Times says, the attack may have been aimed at shutting down Ukraine’s computer systems. The malware appeared on the eve of a holiday celebrating the country’s independence and initially targeted an unlikely group: tax accountants. The Times says many of them use Ukrainian-made software that runs on computers using Microsoft Windows and was recently updated. Microsoft said in a statement it has evidence that some of the ransomware infections started in the updating process.
Read the complete article at npr.com
Kathy Goldgeier is the Managing Editor for Broadcast at WAMU.