That "ransomware" attack was really a cyberattack on Ukraine

According to Kaspersky, the Petya ransomware that raced around the world this week wasn't ransomware at all, and there is no way to get back your files after it does its work (that's why it was so easy to shut down the email address the ransomware used to negotiate payments and decryption with victims whose computers had been taken over).



This Petya strain is much more professional than the original Petya worm, and far superior to the last ransomware worm, Wannacry.


Kaspersky concluded that this Petya was a "wiper" that made the files it attacked unrecoverable, sending random numbers to people who paid the ransom.


This Petya strain, which researchers are calling Pnyetya, seemed to seek out Ukrainian computers, identifying them by seeking evidence of a program that every Ukrainian business needs to run as part of the national tax payment system.

Russian state hackers have used Ukraine as the testbed for its cyberwar development effort.


In fact, everyone that does business requiring them to pay taxes in Ukraine has to use MeDoc (one of only two approved accounting software packages.) So an attack launched from MeDoc would hit not only Ukraine’s government but many foreign investors and companies.


Pnyetya: Yet Another Ransomware Outbreak