The NotPetya ransomware may not actually be ransomware at all - it could be something worse

Is ransomware still ransomware if its goal is purely to destroy?

This is less if-a-tree-falls hypothetical and more sobering reality for the untold number of people across the globe whose computer systems have been infected with the NotPetya ransomware.

That's because the latest digital scourge to cripple computer networks in 65 countries (and counting) doesn't fit the typical ransomware mould.

Instead of just encrypting users' files and holding those files ransom, NotPetya appears to do permanent damage to computer systems.

Security researcher Matt Suiche lays out the bad news in a blog post for cybersecurity firm Comae Technologies.

He notes that while an earlier version of Petya, from which NotPetya gets its name, technically allowed for the decryption of files, NotPetya doesn't.

"2016 Petya modifies the disk in a way where it can actually revert its changes," writes Suiche.

"Whereas, 2017 Petya does permanent and irreversible damages to the disk."

Suiche goes on to call NotPetya a "wiper," and explains the difference between a wiper and ransomware.

"The goal of a wiper is to destroy and damage," notes Suiche.

"The goal of a ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as [restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays]-  a wiper would simply destroy and exclude possibilities of restoration."

So, if the motive for the malicious code is not profit via a Bitcoin ransom, what could it be?

While at this point it's pure speculation, the growing consensus among a host of security experts is that the attack was not launched by cybercriminals in the traditional sense.

However, not everyone agrees with Suiche's findings.

Read the full article here.