Miscellaneous 3 min. read

NotPetya: Simple Malware, or Act of War?

NotPetya: Simple Malware, or Act of War?

NotPetya malware

Last month, a new strain of ransomware hit Ukraine and the Eastern parts of Europe. Originally thought as a resurgence of a malware called the Petya ransomware, it quickly became apparent that this new malware – given the appropriately succinct name NotPetya – had upgraded from its predecessor.

Ransomware has become the latest word in cyberattacks. Quickly spreading with the ability to both lock, take over, and disrupt systems, this potent malware is the bane of all interlocking networks: because once it’s in, it doesn’t stop.

But something about NotPetya was different. And these implications could be terrifying for the future of online security.

NotPetya: What was different?

That’s the question everyone had to ask after the attack was diagnosed. The way how normal ransomware works is that it usually encrypts files and typically sends the compromised system details that would help them pay the ransom.

NotPetya, however, had an interesting case. The email address associated to the ransom message was shortly shut down after the attack launched, making most ransomware-hit computers unable to recover their files.

Furthermore, latest investigation into how this ransomware’s code worked hid a far more terrifying implication – that the money was never the point at all.

Most software security firms have agreed that for a ransomware, NotPetya wasn’t very clear on the process of how its victims would have to pay them – implying that this malware wasn’t taking systems hostage. It was destroying them.

In addition to that, while most ransomware attacks have sought to propagate themselves to a much wider audience, NotPetya was localised to the Ukraine and nearby East Europe. This would run counter to the purpose of a ransomware to collect as much money as possible before being shut down.

Finally, while the ransomware used much of the same exploits like its predecessors, it used a particular flaw in one of the programs all the affected industries were hit – suggesting that aside from not just disruption (unlike most ransomware) NotPetya had a specific target in mind.

What does this mean?

There’s really no telling, unfortunately. There is no doubt that this latest ransomware attack is the latest in the string of cybercrime sweeping the planet, but one message is clear: our security systems, more than ever, need to be up to par.

Users and system administrators around the world should be briefed accordingly as to what constitutes the elements of ransomware and how to deal with it, as well as prevention of the malware itself.

While we can rely on our security software in order to keep us safe, the best defense that we can all have is a change in attitude.

There are certain small things we can do, such as not visiting malicious websites, or downloading suspicious email attachments. But the biggest thing is prevention – to constantly upgrade and monitor software, to be vigilant about any suspicious activity online.

Another one is to be ready. Have backups and redundancies in place. Verify your security protocols. For example, the nature of ransomware makes it vulnerable to a full reformat of the infected system – something a lot easier to do when you have a backup hard drive.

Ransomware can be scary, but at the end of the day – it’s just the software.

Hotspot Shield uses the latest developments in data encryption processes to help create a safer online experience for you. Not only that, but Hotspot Shield is free! Download Hotspot Shield today through this link, or visit our website to learn more about the program and what it offers. For more articles like this, you may read through our blog.

Get the latest stories and tips from Hotspot Shield in your inbox