The ransomware attack that spread to computer systems in at least 64 countries Tuesday earned hackers less than $10,000 in ransom from victims seeking to regain access to their files, prompting some analysts to question whether such attacks are money-making schemes at all.
The cyberattack began in Ukraine using an updated version of a ransomware called “Petya,” which Microsoft said was traced to a tax account software from a Ukrainian company. From there, it spread, targeting companies in the U.K., the U.S., Russia, and at least 60 other countries. Though it is unknown who is behind the attack, experts noted that it bore similarities to the “WannaCry” ransomware that spread to more than 150 countries in May; some have attributed that attack to North Korean hackers using leaked tools believed to belong to the National Security Agency. As in the WannaCry incident, attackers on Tuesday took control of computer systems and demanded victims pay of $300 to a Bitcoin address to regain access to their files. Both attacks are believed to have exploited the NSA hacking tool Eternal Blue to further the ransomware’s spread, according to Accenture Security.
But there were key differences between the two attacks. The European Union Agency for Law Enforcement Cooperation (Europol) said in a statement Wednesday that this week’s incident was indicative of “a more sophisticated attack capability” than the WannaCry attack, noting the malware used rendered machines unusable by encrypting their hard drives (previous attacks only locked individual files).