Last month the ransomware WannaCry attacked 200,000 victims in at least 150 countries worldwide, and a huge fuss was made of the capability of hackers to use Bitcoin in illegal actions. Now a new ransomware comes on stage.
A new encrypting virus began its attacks on Tuesday in Ukraine. The virus blocks computers and demands a ransom of $300 in Bitcoin, as WannaCry did. According to reports, by Wednesday the Bitcoin wallet that the ransomware gave for the transfer of funds had received nine transfers.
At first, this virus was attributed to the already known ransomware family called Petya. Later, however, it turned out to be new malware with significantly different functionality, and its victims have no chance of recovering infected files. Kaspersky Lab named the new virus ExPetr.
As Kaspersky Lab experts noted, decrypting the encrypted files requires a unique identifier of the specific trojan installation. In earlier known versions of similar encryptors, like Petya, the installation identifier contained the information necessary for decryption, but ExPetr has no identifier.
The representatives of Kaspersky Lab report:
"The analysis conducted by our experts showed that the victims did not initially have a chance to return their files. The researchers at Kaspersky Lab analyzed that part of the malware code that is associated with file encryption and found that after the disk was encrypted, the creators of the virus already have no way to decode it back."
Experts from the UN say that this virus is more dangerous and its primary goal isn’t money. Neil Walsh of the United Nations Office on Drugs and Cyber and Emerging Crime Department commented:
"It's a new type of ransomware. This ransomware can attack in three or four different ways while WannaCry simply used one exploit called 'eternal blue'. This one can do a lot of different things in different ways. It has a different capability."
Mike Lorrey, the co-creator of the cryptocurrency Bitgold, a predecessor of Bitcoin, commented on our previous article about the possibility that the WannaCry malware was used to promote Bitcoin as an anonymous currency, and that such ransomware is more likely to be made by hackers seeking public attention. He said:
“It seems to me that WannaCry was created by a state actor trying to disparage Bitcoin but getting the public to associate criminality with it.”