ExPetr is not ransomware but rather a wiper designed to damage infected computer systems, Matt Suiche, the founder of cybersecurity firm Comae Technologies, said on Friday.
“The encryption function is buggy. If it was a ransomware to make money it would at least work as a ransomware,” Suiche said.
Suiche supposes that the aim of the attack was to disrupt the work of the targeted companies and businesses, as the motive was apparently not just to temporarily limit the victims’ access to information but rather to destroy and damage the systems.
Among the hit firms were some major businesses like pharmaceutical giant Merck, Russia’s oil company Rosneft, Denmark’s shipping company Maersk and a Cadbury factory in Australia.
Kaspersky Lab also supports the wiper theory. The antivirus company’s experts said preliminary analysis showed that hackers could not decrypt the victim’s disk even after the demanded payment was made.
On Thursday, Kaspersky explained to Sputnik that with current antivirus capabilities it was almost impossible to get the keys to restore access to information.
ExPetr has been compared to the virus dubbed WannaCry that infected over 230,000 computers back in May, but it appears to belong to a separate malware family.
“It’s more complex, and uses more technical layers to propagate,” Suiche explained.
Tech companies urge people not to pay the ransom, as it will not help them regain access to their data. As for businesses, they need clearer IT security strategies, as there is a chance that similar attacks can take place at some point in the future, according to Suiche.
“Antivirus only stops against what they know. There is no silver bullet security product; companies need to have a more mature security,” he said.
The large-scale ExPetr hacker attack took place on Tuesday, targeting businesses as well as official bodies across the globe. The majority of the affected companies said that they managed to cope with the breach of security and are investigating the reasons.