Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


The Ransomware Attack That Wasn’t

Published on
309 Points
1 Endorsement
Last Modified:
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.

Remember that fast-moving cyberattack that slashed its way across the globe in late June, infecting everything from the former Chernobyl nuclear reactor to shipping conglomerate A.P. Moller-Maersk? Turns out it wasn’t really ransomware, as widely believed, but an even more malicious piece of malware called a “wiper.”

Even though many observers thought the attack was a new strain of Petya ransomware, the ransom part of it was a complete scam. The attackers had no way of decrypting the files they hijacked. So even if the victims immediately paid the $300 ransom, they still weren’t getting their data back.

“The superficial resemblance to Petya is only skin deep,” wrote one infosec researcher who goes by the name the grugq. “Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware.’”

What is a wiper?

While ransomware is all about making money, a wiper is simply interested in destroying data. Think of it this way: Ransomware is the guy who goes into a bank and robs it. A wiper is the guy who goes into a bank and sets the cash on fire.

 “The attacker took an existing ransomware which he repackaged,” concurred Matt Suiche, founder of Comae Technologies. “We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents, to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers.”

Different goals, same damage

Whatever the motive, this new form of malware confirms what security experts have warned all along: paying a ransom is no guarantee you’ll get your data back.

In fact, the only real way to protect your data from ransomware or wipers is with a strong backup solution like Acronis Backup 12.5 for businesses or Acronis True Image for home users. Regular backups that are secured off-site make ransomware almost toothless. If you are hit by an attack, there’s little to worry about because you have safe, secure copies of any files that might have been encrypted or damaged.

Acronis Active Protection

And Acronis goes far beyond other backup solutions. Our groundbreaking Acronis Active Protection™ is the only backup technology that actively fights back against ransomware, using sophisticated analysis, artificial intelligence and machine learning to monitor your system. If it spots any errant behavior or suspicious processes, it stops the activity and blacklists the program responsible for it, ensuring that it can’t restart on the next reboot.

If ransomware does manage to sneak through and start encrypting files, Acronis Active Protection stops it and automatically restores the files to the most recently backed up version.

How effective is Acronis’ solution? In testing by an independent lab, Acronis Active Protection significantly outperformed 22 anti-virus solutions in recognizing and stopping ransomware.


Final Thought
It doesn’t really   matter if you’re hit by ransomware or a wiper. Either way, your data is   probably toast – unless you perform regular backups as part of a broader data   protection strategy. Begin with Acronis Backup 12.5  (for businesses) or Acronis True Image  (for home   users) and rest easy knowing that the groundbreaking technology of Acronis   Active Protection™ will be able to stop these kind of cyberattacks   before they start.


By clicking you agree to the Terms of Use and Privacy Policy.
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Join & Write a Comment

Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month