"We still don't know for sure what Petya/NotPetya is“. This is one of the conclusions of a new and extensive report by security researchers from F-Secure.
The point of the report is that the Petya/NotPetya malware is a mess, and that it would not be wise to jump to conclusions if it really is ransomware, or something else.
The point is – Petya/NotPetya is not working quite well. That has prompted many people to believe that it's not exactly ransomware, but that conclusion is flawed.
“Malfunctioning malware isn’t rare,” says F-Secure's Andy Patel. “It’s possibly evidence of nothing more than a bug in the code, a design flaw, or issues with supporting infrastructure. It’s typically not enough evidence for us to attribute anything in particular.”
“So there’s lots of bugs? Isn’t that evidence that it’s not real ransomware? To be honest, who knows. It’s evidence of a mess, and we’re still working to untangle all the knots. It’s time-consuming.”
One thing that F-Secure concluded is that you can get infected multiple times, which is evidence of ‘poor testing practices’. It also concluded that the malware has a ‘vendetta against Kaspersky Lab’.
“If this malware finds running Kaspersky processes on the system, it writes junk to the first 10 sectors of the disk, and then reboots, bricking the machine completely.”
And finally, the report is wrapped up with a mystery:
“We know of victims who don’t use M.E.Doc and have no obvious connections to Ukraine. Yet they were infected during Tuesday’s outbreak. This mystery is one of the factors that have kept us from jumping on the conspiracy train. And we still don’t have answers here.”
Image Credit: JMiks / Shutterstock