Crime Bytes: Motivations behind global ransomware attacks.


Cybercrime is all over the news at the moment: in May, ransomware virus WannaCry affected more than 150 countries, attacked more than 300,000 computers and had major impacts on organisations such as the NHS, FedEx, a Chinese police force and the Russian Interior Ministry. Then in June another virus, dubbed NotPetya, hit a dozen countries, attacked around 2,000 computers and had impacts on Ukrainian banks and the Ukrainian power grid in particular.


You might think that the point of these attacks, as the name suggests, is to ransom victim’s files in order to make money; however the latest NotPetya attacks have cast a large shadow on that assumption.  When it came to the payment side of the ransomware, it was both poorly designed and poorly executed; NotPetya was only associated with one email address, and this was used to receive Bitcoin payments. When this was closed down by the email provider, the ability for the criminals to interact with their victims was lost, hence they could no longer receive ransom money, nor could they recover the files of those who had paid the ransom.


The result of the strange payment methods meant that NotPetya only made a fraction of the money it could have done with a more sophisticated payment option. Similarly, despite infecting over 200,000 computers, WannaCry made $133,180 by the time NotPetya was released: a comparatively small amount of money when you remember that the attack spread through more than 75% of the world.


The small amounts of money made have lead to many debates regarding the motivations for these attacks, and it seems that people are becoming more and more convinced that these attacks are designed to disrupt normal working systems and to lead to chaos, rather than just monetary results. Former GCHQ Deputy Director for Intelligence and Cyber Operations, Brian Lord, stated that the point of these cyberattacks was not to aim for financial rewards, but that the offenders were attempting to create the largest amount of disruption.


Some commentators are suggesting that the key purpose of the NotPetya attack was to install new malware onto computers at government and commercial organisations, and that rather than seeking money at this point, the malware has laid the groundwork for future attacks. Others simply suggest that the point of NotPetya was to destroy data, and to destroy it permanently.


No matter what the motivation, it has been claimed that now that these attacks have begun, it is likely that there will be more, and of a bigger and even more serious scale. As always, ensure staff use strong passwords and keep them secure, keep software up to date, ensure your security settings are high, never click on a dodgy-looking link, and most importantly for this kind of attack, make sure your files are backed up.


If you think you have been a victim, please take note of the following advice from the National Fraud Intelligence Bureau:

– Report the incident to the National Fraud and Cyber Crime Reporting Centre on 0300 123 2040.

– Don’t pay the ransom demands – this feeds into the hands of criminals and it’s not guaranteed that access to your files will be restored.

Written by Researcher Clare Barrett.

Leave a Reply