Over the last few years, hackers have worked hard to solidify themselves as trustworthy. The effectiveness of a ransomware attack relies on the victim’s belief that hackers will return ransomed files after receiving payment. Ransomware has continued to work as a money-gaining endeavor for hackers because of their record of making good on their promises.
In their book on different types of hacking schemes, Ransomware: Defending Against Digital Extortion, authors Allan Liska and Timothy Gallo describe best practice regarding paying ransoms. “If human lives are immediately on the line, you may consider payment” they begrudgingly admit, despite citing how they wish they could prescribe vigilance against hackers. Through admitting that payment is an option, Liska and Gallo legitimize payment as a means of solving a cybersecurity incident.
The latest virus,—Petya—has branded itself as a type of ransomware, and is targeting many European businesses. The only problem is, this time hackers cannot be trusted to return any files. Cybersecurity provider Comae asserted in a recent blog post that the newest iteration of Petya was not created to hold files hostage, but to destroy.
Petya.2017 is not ransomware. According to Comae, ransomware “has the ability to restore its modification.” Unfortunately for the victims of Petya.2017, this means they lose their files regardless of whether they pay or not. The precedent established by previous campaigns has tricked hacking victims into paying—without ever receiving their files back.
The core of Petya’s effectiveness lies in its ability to mislead. Through the misinterpretation of their methods by the masses, they have become far more effective in their efforts.
Ransomware hackers have now lost any “trust” they had built, which sparks the question—will ransomware continue to be an effective money-making scheme?
LEVICK Intern Daniel Leptoukh contributed to this post.