PARIS (AP) — The dramatic data-scrambling attack that hit computers around the world Tuesday appears to be contained. But with the damage and disruption still coming into focus, security experts worry the sudden explosion of malicious software may have been more sinister than a criminally minded shakedown of computer users.
“There may be a more nefarious motive behind the attack,” Gavin O’Gorman, an investigator with U.S. antivirus firm Symantec, said in a blog post. “Perhaps this attack was never intended to make money (but) rather to simply disrupt a large number of Ukrainian organizations.”
The rogue program initially appeared to be ransomware, a fast-growing and lucrative breed of malicious software that encrypts its victims’ data and holds it hostage until a payment is made.
But O’Gorman was one of several researchers who noted that any criminals would have had difficulty monetizing the epidemic given that they appear to have relied on a single email address that was blocked almost immediately and a single Bitcoin wallet that, to date, has collected the relatively puny sum of $10,000.
Others, such as Russian anti-virus firm Kaspersky Lab, said that clues in the code suggest the program’s authors would have been incapable of decrypting the data in any case, adding further evidence that the ransom demands were a smoke screen.
The timing was intriguing too: the malware explosion came the same day as the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating a new constitution signed after the breakup of the Soviet Union.
Ransomware or not, computer specialists worldwide were still wrestling with its consequences, with varying degrees of success.