Ransomware as a distraction
Posted: Thu Feb 13, 2025 3:11 am
A few weeks later, another global ransomware epidemic broke out in the form of the Petya virus, which had similar functionality to the worm, but added the ability to permanently destroy data on infected systems.
While the ultimate goal of these malwares was to make money from ransom payments, none of the campaigns were successful in that regard. Those behind WannaCry (which intelligence agencies suspect originated in North Korea) ultimately managed to make around $140,000 from Bitcoin wallets linked to the attack, a paltry sum given the scale and impact of the campaign.
However, the real result of the WannaCry and Petya attacks is that the current scale of the ransomware problem has become clear to everyone. And this was once again confirmed by the recent attacks in Russia and Ukraine by the Bad Rabbit encryptor, which showed that virus writers continue to work on new versions of ransomware.
We have already seen how ransomware infections can be portugal whatsapp data by other destructive actions. For example, Petya had an “eraser” in its functionality, designed to irreversibly destroy data on infected systems. This is a tactic of deception - while the ransomware presents itself as an urgent problem, other background actions are happening in parallel.
“Ransomware may be the outwardly visible public image of what’s going on that scares users, but when your attention is completely diverted, there may be a whole host of other things going on behind the scenes, such as infiltrating systems, exfiltrating data, or transferring funds,” says Peri Carpenter, chief strategy officer at security firm KnowBe4.
This means that a ransomware infection may be the least of your problems. A Trojan or stolen credentials could give attackers full access to the network even after the ransomware recovery problem has been solved, and organizations may give in and pay ransom to the criminals, who will still be able to exploit their network vulnerabilities.
Another potential outcome of such an emergency is encryption of your data combined with its theft.
While the ultimate goal of these malwares was to make money from ransom payments, none of the campaigns were successful in that regard. Those behind WannaCry (which intelligence agencies suspect originated in North Korea) ultimately managed to make around $140,000 from Bitcoin wallets linked to the attack, a paltry sum given the scale and impact of the campaign.
However, the real result of the WannaCry and Petya attacks is that the current scale of the ransomware problem has become clear to everyone. And this was once again confirmed by the recent attacks in Russia and Ukraine by the Bad Rabbit encryptor, which showed that virus writers continue to work on new versions of ransomware.
We have already seen how ransomware infections can be portugal whatsapp data by other destructive actions. For example, Petya had an “eraser” in its functionality, designed to irreversibly destroy data on infected systems. This is a tactic of deception - while the ransomware presents itself as an urgent problem, other background actions are happening in parallel.
“Ransomware may be the outwardly visible public image of what’s going on that scares users, but when your attention is completely diverted, there may be a whole host of other things going on behind the scenes, such as infiltrating systems, exfiltrating data, or transferring funds,” says Peri Carpenter, chief strategy officer at security firm KnowBe4.
This means that a ransomware infection may be the least of your problems. A Trojan or stolen credentials could give attackers full access to the network even after the ransomware recovery problem has been solved, and organizations may give in and pay ransom to the criminals, who will still be able to exploit their network vulnerabilities.
Another potential outcome of such an emergency is encryption of your data combined with its theft.