Cyber security experts found that the software that locks the users’ devices is in fact wiping sectors of the hard drive, making information completely irrecuperable. Experts at Kaspersky Lab think that the developers of the said malware disguised the software as ransomware to catch the media’s attention.
However, at its core, the malware is a “wiper,” or a piece of software that overwrites parts of the disk instead of encrypting them like a ransomware usually does. So, even if you pay to have your computer unlocked, you won’t get your information back as it was completely erased.
Hackers Weren’t After the Money
Experts also found that hackers purposely made it hard for the victims to recover their data. In a first move, they said they would accept payments in a Bitcoin wallet. However, when someone expects to receive large sums of money, they usually use multiple Bitcoin accounts.
In addition, they forced victims to send an email with a string of letters that they had to manually type in if they wanted their devices back. That email address, though, doesn’t even exist.
Researchers noted that users will not be able to get their data back even if they make the payment. While some experts disagree that the malware was built as a “wiper” since it only wipes two dozen sectors of a disk which are originally left empty at any standard Windows installation, most experts agree that the attack was never about making money. Ukrainian cybersecurity experts believe that the attack was conducted by state-sponsored agents, and the likely culprit is Russia.
Image Source: encrypted-tbn0.gstatic.com