Surprise! NotPetya Is a Cyber-Weapon. It's Not Ransomware


The NotPetya ransomware that encrypted and locked thousands of computers across the globe yesterday and today is, in reality, a disk wiper meant to sabotage and destroy computers, and not ransomware. This is the conclusion of two separate reports coming from Comae Technologies and Kaspersky Lab experts.

Experts say that NotPetya — also known as Petya, Petna, ExPetr — operates like ransomware, but clues hidden in its source code reveal that users will never be able to recover their files.

This has nothing to do with the fact that a German email provider has shut down the NotPetya operator's email account. Even if victims were able to get in contact with the NotPetya author, they would still have no chance of recovering their files.

NotPetya never bothers to generate a valid infection ID
This is because NotPetya generates a random infection ID for each computer. Ransomware that doesn't use a command-and-control server — like NotPetya — uses the infection ID to store information about each infected victim and the decryption key.

Because NotPetya generates random data for that particular ID, the decryption process is impossible, according to Kaspersky expert Anton Ivanov.