Though Petya, a recent piece of malware spreading around the world, appears to be ransomware from the outside, it may not actually fit the criteria. Researchers with Kaspersky Lab say they believe Petya is actually a “wiper,” not ransomware.
This determination is based on the discovery that Petya fully overwrites a portion of the disk it targets rather than just encrypting the files. As such, it destroys content instead of locking it behind a paywall.
Researchers think it could have been disguised as ransomware in order to alter the media’s coverage of the attack.
Beyond Petya’s wiping capabilities, researchers also found that the hackers made paying the ransom difficult. They only accepted payments at a single Bitcoin address (thereby increasing processing times), and victims had to email the attackers a set of characters. Yet the email address provided doesn’t work.
Other researchers agree Petya wasn’t about making money and was instead meant to cause disruption. However, they disagree with the characterization of it as a wiper. The malware specifically targets the first 25 sectors of a disk. While essential, those sectors are typically blank in Windows installations, something the hackers must have known.