If this was just a lure to control the media narrative, there would be no need to change the code this way still. It could just operate like regular ransomware but “accidentally” not give out keys (the amateurish verification email thing gives plausible deniability for that by itself).
That would effectively wipe, too. All the change achieved was alerting you to the wiping.
It seems plausible to me that the overwriting with the bootloader was accidental. Or, it could be deliberately defective malware, sold as a get-rich-quick scheme to some script kiddie.
There’s a lot of paranoia around “is it criminals or is it Russian government”. I always thought, why not both? A lot of Putin’s allies are little more than glorified gangsters. Why would hackers be any different? My guess is that Cozy Bear/Fancy Bear were ordinary criminal hacker groups that just got persuaded to do some work for the government. In return the government looks the other way when they enrich themselves or amuse themselves in other ways — that’s the way it’s always worked in feudal states.