The Ransomware Attack That Wasn’t

What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.

Remember that fast-moving cyberattack that slashed its way across the globe in late June, infecting everything from the former Chernobyl nuclear reactor to shipping conglomerate A.P. Moller-Maersk? Turns out it wasn’t really ransomware, as widely believed, but an even more malicious piece of malware called a “wiper.”

Even though many observers thought the attack was a new strain of Petya ransomware, the ransom part of it was a complete scam. The attackers had no way of decrypting the files they hijacked. So even if the victims immediately paid the $300 ransom, they still weren’t getting their data back.

“The superficial resemblance to Petya is only skin deep,” wrote one infosec researcher who goes by the name the grugq. “Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware.’”

What is a wiper?

While ransomware is all about making money, a wiper is simply interested in destroying data. Think of it this way: Ransomware is the guy who goes into a bank and robs it. A wiper is the guy who goes into a bank and sets the cash on fire.

 “The attacker took an existing ransomware which he repackaged,” concurred Matt Suiche, founder of Comae Technologies. “We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents, to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers.”

Different goals, same damage

Whatever the motive, this new form of malware confirms what security experts have warned all along: paying a ransom is no guarantee you’ll get your data back.

In fact, the only real way to protect your data from ransomware or wipers is with a strong backup solution like Acronis Backup 12.5 for businesses or Acronis True Image for home users. Regular backups that are secured off-site make ransomware almost toothless. If you are hit by an attack, there’s little to worry about because you have safe, secure copies of any files that might have been encrypted or damaged.

Acronis Active Protection

And Acronis goes far beyond other backup solutions. Our groundbreaking Acronis Active Protection™ is the only backup technology that actively fights back against ransomware, using sophisticated analysis, artificial intelligence and machine learning to monitor your system. If it spots any errant behavior or suspicious processes, it stops the activity and blacklists the program responsible for it, ensuring that it can’t restart on the next reboot.

If ransomware does manage to sneak through and start encrypting files, Acronis Active Protection stops it and automatically restores the files to the most recently backed up version.

How effective is Acronis’ solution? In testing by an independent lab, Acronis Active Protection significantly outperformed 22 anti-virus solutions in recognizing and stopping ransomware.


Final Thought
It doesn’t really   matter if you’re hit by ransomware or a wiper. Either way, your data is   probably toast – unless you perform regular backups as part of a broader data   protection strategy. Begin with Acronis Backup 12.5  (for businesses) or Acronis True Image  (for home   users) and rest easy knowing that the groundbreaking technology of Acronis   Active Protection™ will be able to stop these kind of cyberattacks   before they start.


Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.