WannaCry an example of pseudo-ransomware, says McAfee

The global WannaCry and NotPetya attacks were both examples of pseudo-ransomware, according to McAfee researchers

Despite claims to the contrary, WannaCry malware was well-written with evidence of good data governance, according to Raj Samani, chief scientist and fellow at McAfee.

Although WannaCry’s inability to automatically decrypt once the ransom had been paid initially appeared to be a mistake, it pointed to the malware’s true purpose, he told the 2017 Wired Security Conference in London.

“WannaCry collected only around $150,000, which is relatively little compared with the $325m collected by the CryptoWall ransomware, which led us to conclude that we were seeing the rise of pseudo-ransomware, which was quickly followed by another example in the form of NotPetya,” said Samani.

WannaCry may have been a proof of concept, but the true purpose, he said, was to cause disruption, which is consistent with what researchers are learning by going undercover as ransomware victims on ransomware support forums.

“When one of our researchers asked why a particular ransom was so low, the ransomware support representative told her that those operating the ransomware had already been paid by someone to create and run the ransomware campaign to disrupt a competitor’s business,” said Samani.

“The game has changed. The reality is that any organisation can hire someone to disrupt a competitor’s business operations for less than the price of a cup of coffee.”

In the face of this reality, Samani said the security industry and society as a whole have to “draw a line in the sand”, which is the motivation behind the No More Ransom project set up by the Dutch National Police, Europol, McAfee and Kaspersky Lab in July 2017.

The initiative offers organisations advice and information about preventing ransomware attacks, but more importantly provides tools for decrypting data locked up by some common types of ransomware.

“No More Ransom offers a third option beyond ‘losing your data’ and ‘paying the ransom’, and since inception, the project has prevented £9m going into the coffers of cyber criminals running ransomware operations,” said Samani.

Ransomware – whether for direct profit or as a disruptive service for hire – is an increasingly popular business model for cyber attackers.

In the light of this fact, and the fact that some internet-connected equipment and device manufacturers, including carmakers, are often slow to respond to security vulnerability reports, it is important for the information security industry and society as a whole to make a stand, said Samani.

It is not difficult, he said, to imagine a future where every internet-connected device can be used to demand payment to maintain functionality of the device or associated services.

“But unless we do something about it, as an industry and a society, that will be our future,” said Samani.

1 comment

I think it's pretty obvious to how much it changed. A rival company has sent us a ransomware file, one of the employees wasn't aware of it, and from that point on, many of our computers were infected. We did have some detection systems but it still wasn't enough at the same time. Lesson learned: just take care of your computer systems.